diff options
Diffstat (limited to 'docs/htmldocs/smbpasswd.8.html')
| -rw-r--r-- | docs/htmldocs/smbpasswd.8.html | 304 |
1 files changed, 145 insertions, 159 deletions
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html index 6b227f9d1e..da3cb9f601 100644 --- a/docs/htmldocs/smbpasswd.8.html +++ b/docs/htmldocs/smbpasswd.8.html @@ -1,11 +1,12 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> <HTML ><HEAD ><TITLE >smbpasswd</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"></HEAD ><BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" @@ -15,9 +16,7 @@ VLINK="#840084" ALINK="#0000FF" ><H1 ><A -NAME="SMBPASSWD.8" -></A ->smbpasswd</H1 +NAME="SMBPASSWD">smbpasswd</H1 ><DIV CLASS="REFNAMEDIV" ><A @@ -29,15 +28,13 @@ NAME="AEN5" ><DIV CLASS="REFSYNOPSISDIV" ><A -NAME="AEN8" -></A -><H2 +NAME="AEN8"><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >smbpasswd</B -> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</P +> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</P ></DIV ><DIV CLASS="REFSECT1" @@ -47,23 +44,18 @@ NAME="AEN27" ><H2 >DESCRIPTION</H2 ><P ->This tool is part of the <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->Samba</SPAN ->(7)</SPAN +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +> Samba</A > suite.</P ><P >The smbpasswd program has several different - functions, depending on whether it is run by the <SPAN -CLASS="emphasis" -><I + functions, depending on whether it is run by the <I CLASS="EMPHASIS" >root</I -></SPAN -> user - or not. When run as a normal user it allows the user to change +> + user or not. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store SMB passwords. </P ><P @@ -72,33 +64,25 @@ CLASS="EMPHASIS" similar to the way the <B CLASS="COMMAND" >passwd(1)</B -> program works. <B +> program works. + <B CLASS="COMMAND" -> smbpasswd</B +>smbpasswd</B > differs from how the passwd program works - however in that it is not <SPAN -CLASS="emphasis" -><I + however in that it is not <I CLASS="EMPHASIS" >setuid root</I -></SPAN > but works in - a client-server mode and communicates with a - locally running <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smbd</SPAN ->(8)</SPAN + a client-server mode and communicates with a locally running + <B +CLASS="COMMAND" +>smbd(8)</B >. As a consequence in order for this to succeed the smbd daemon must be running on the local machine. On a UNIX machine the encrypted SMB passwords are usually stored in - the <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smbpasswd</SPAN ->(5)</SPAN + the <TT +CLASS="FILENAME" +>smbpasswd(5)</TT > file. </P ><P >When run by an ordinary user with no options, smbpasswd @@ -111,20 +95,14 @@ CLASS="REFENTRYTITLE" ><P >smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain - Controllers. See the (<VAR -CLASS="PARAMETER" ->-r</VAR ->) and <VAR -CLASS="PARAMETER" ->-U</VAR -> options - below. </P + Controllers. See the (-r) and -U options below. </P ><P >When run by root, smbpasswd allows new users to be added and deleted in the smbpasswd file, as well as allows changes to - the attributes of the user in this file to be made. When run by root, <B + the attributes of the user in this file to be made. When run by root, + <B CLASS="COMMAND" -> smbpasswd</B +>smbpasswd</B > accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not running. </P @@ -132,7 +110,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN51" +NAME="AEN43" ></A ><H2 >OPTIONS</H2 @@ -177,13 +155,13 @@ CLASS="FILENAME" ><DD ><P >This option specifies that the username following - should be <CODE + should be <TT CLASS="CONSTANT" ->disabled</CODE +>disabled</TT > in the local smbpasswd - file. This is done by writing a <CODE + file. This is done by writing a <TT CLASS="CONSTANT" ->'D'</CODE +>'D'</TT > flag into the account control space in the smbpasswd file. Once this is done all attempts to authenticate via SMB using this username @@ -191,12 +169,10 @@ CLASS="CONSTANT" ><P >If the smbpasswd file is in the 'old' format (pre-Samba 2.0 format) there is no space in the user's password entry to write - this information and the command will FAIL. See <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smbpasswd</SPAN ->(5)</SPAN + this information and the command will FAIL. See <B +CLASS="COMMAND" +>smbpasswd(5) + </B > for details on the 'old' and new password file formats. </P ><P @@ -208,9 +184,9 @@ CLASS="REFENTRYTITLE" ><DD ><P >This option specifies that the username following - should be <CODE + should be <TT CLASS="CONSTANT" ->enabled</CODE +>enabled</TT > in the local smbpasswd file, if the account was previously disabled. If the account was not disabled this option has no effect. Once the account is enabled then @@ -220,12 +196,9 @@ CLASS="CONSTANT" CLASS="COMMAND" > smbpasswd</B > will FAIL to enable the account. - See <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smbpasswd</SPAN ->(5)</SPAN + See <B +CLASS="COMMAND" +>smbpasswd (5)</B > for details on the 'old' and new password file formats. </P ><P @@ -236,9 +209,11 @@ CLASS="REFENTRYTITLE" >-D debuglevel</DT ><DD ><P -><VAR +><TT CLASS="REPLACEABLE" ->debuglevel</VAR +><I +>debuglevel</I +></TT > is an integer from 0 to 10. The default value if this parameter is not specified is zero. </P @@ -285,24 +260,30 @@ CLASS="COMMAND" ><P >This option allows a user to specify what machine they wish to change their password on. Without this parameter - smbpasswd defaults to the local host. The <VAR + smbpasswd defaults to the local host. The <TT CLASS="REPLACEABLE" +><I >remote - machine name</VAR + machine name</I +></TT > is the NetBIOS name of the SMB/CIFS server to contact to attempt the password change. This name is resolved into an IP address using the standard name resolution - mechanism in all programs of the Samba suite. See the <VAR + mechanism in all programs of the Samba suite. See the <TT CLASS="PARAMETER" +><I >-R - name resolve order</VAR + name resolve order</I +></TT > parameter for details on changing this resolving mechanism. </P ><P >The username whose password is changed is that of the - current UNIX logged on user. See the <VAR + current UNIX logged on user. See the <TT CLASS="PARAMETER" ->-U username</VAR +><I +>-U username</I +></TT > parameter for details on changing the password for a different username. </P @@ -313,12 +294,9 @@ CLASS="PARAMETER" copy of the user account database and will not allow the password change).</P ><P -><SPAN -CLASS="emphasis" ><I CLASS="EMPHASIS" >Note</I -></SPAN > that Windows 95/98 do not have a real password database so it is not possible to change passwords specifying a Win95/98 machine as remote machine target. </P @@ -332,32 +310,30 @@ CLASS="EMPHASIS" name of the host being connected to. </P ><P >The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows: </P + cause names to be resolved as follows : </P ><P ></P ><UL ><LI ><P -><CODE +><TT CLASS="CONSTANT" ->lmhosts</CODE ->: Lookup an IP +>lmhosts</TT +> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->lmhosts</SPAN ->(5)</SPAN + no name type attached to the NetBIOS name (see the <A +HREF="lmhosts.5.html" +TARGET="_top" +>lmhosts(5)</A > for details) then any name type matches for lookup.</P ></LI ><LI ><P -><CODE +><TT CLASS="CONSTANT" ->host</CODE ->: Do a standard host +>host</TT +> : Do a standard host name to IP address resolution, using the system <TT CLASS="FILENAME" >/etc/hosts @@ -374,27 +350,31 @@ CLASS="FILENAME" ></LI ><LI ><P -><CODE +><TT CLASS="CONSTANT" ->wins</CODE ->: Query a name with - the IP address listed in the <VAR +>wins</TT +> : Query a name with + the IP address listed in the <TT CLASS="PARAMETER" ->wins server</VAR +><I +>wins server</I +></TT > parameter. If no WINS server has been specified this method will be ignored.</P ></LI ><LI ><P -><CODE +><TT CLASS="CONSTANT" ->bcast</CODE ->: Do a broadcast on +>bcast</TT +> : Do a broadcast on each of the known local interfaces listed in the - <VAR + <TT CLASS="PARAMETER" ->interfaces</VAR +><I +>interfaces</I +></TT > parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet.</P @@ -405,12 +385,10 @@ CLASS="PARAMETER" CLASS="COMMAND" >lmhosts, host, wins, bcast</B > - and without this parameter or any entry in the <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smb.conf</SPAN ->(5)</SPAN + and without this parameter or any entry in the + <TT +CLASS="FILENAME" +>smb.conf</TT > file the name resolution methods will be attempted in this order. </P ></DD @@ -430,9 +408,11 @@ CLASS="REFENTRYTITLE" ><DD ><P >This option may only be used in conjunction - with the <VAR + with the <TT CLASS="PARAMETER" ->-r</VAR +><I +>-r</I +></TT > option. When changing a password on a remote machine it allows the user to specify the user name on that machine whose password will be changed. It @@ -474,28 +454,34 @@ CLASS="COMMAND" <B CLASS="COMMAND" >--with-ldapsam</B -> option. The <VAR +> option. The <TT CLASS="PARAMETER" ->-w</VAR +><I +>-w</I +></TT > switch is used to specify the password to be used with the <A HREF="smb.conf.5.html#LDAPADMINDN" TARGET="_top" -><VAR +><TT CLASS="PARAMETER" +><I >ldap admin - dn</VAR + dn</I +></TT ></A >. Note that the password is stored in the <TT CLASS="FILENAME" ->secrets.tdb</TT +>private/secrets.tdb</TT > and is keyed off - of the admin's DN. This means that if the value of <VAR + of the admin's DN. This means that if the value of <TT CLASS="PARAMETER" +><I >ldap - admin dn</VAR + admin dn</I +></TT > ever changes, the password will need to be manually updated as well. </P @@ -523,12 +509,9 @@ CLASS="PARAMETER" ><DD ><P >This specifies the username for all of the - <SPAN -CLASS="emphasis" -><I + <I CLASS="EMPHASIS" >root only</I -></SPAN > options to operate on. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file. @@ -540,7 +523,7 @@ CLASS="EMPHASIS" ><DIV CLASS="REFSECT1" ><A -NAME="AEN189" +NAME="AEN173" ></A ><H2 >NOTES</H2 @@ -554,67 +537,70 @@ CLASS="COMMAND" is to add a restriction to the hosts that may access the <B CLASS="COMMAND" > smbd</B -> running on the local machine by specifying either <VAR +> running on the local machine by specifying a + <TT CLASS="PARAMETER" ->allow - hosts</VAR -> or <VAR +><I +>allow hosts</I +></TT +> or <TT CLASS="PARAMETER" ->deny hosts</VAR -> entry in - the <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smb.conf</SPAN ->(5)</SPAN +><I +>deny hosts</I +></TT +> + entry in the <TT +CLASS="FILENAME" +>smb.conf</TT > file and neglecting to allow "localhost" access to the smbd. </P ><P >In addition, the smbpasswd command is only useful if Samba - has been set up to use encrypted passwords. See the document <A -HREF="pwencrypt.html" -TARGET="_top" -> "LanMan and NT Password Encryption in Samba"</A + has been set up to use encrypted passwords. See the file + <TT +CLASS="FILENAME" +>ENCRYPTION.txt</TT > in the docs directory for details on how to do this. </P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN201" +NAME="AEN183" ></A ><H2 >VERSION</H2 ><P ->This man page is correct for version 3.0 of the Samba suite.</P +>This man page is correct for version 3.0 of + the Samba suite.</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN204" +NAME="AEN186" ></A ><H2 >SEE ALSO</H2 ><P -><SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->smbpasswd</SPAN ->(5)</SPAN ->, <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->Samba</SPAN ->(7)</SPAN ->.</P +><A +HREF="smbpasswd.5.html" +TARGET="_top" +><TT +CLASS="FILENAME" +>smbpasswd(5)</TT +></A +>, + <A +HREF="samba.7.html" +TARGET="_top" +>samba(7)</A +> + </P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN213" +NAME="AEN192" ></A ><H2 >AUTHOR</H2 @@ -626,14 +612,14 @@ NAME="AEN213" ><P >The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <A + excellent piece of Open Source software, available at + <A HREF="ftp://ftp.icce.rug.nl/pub/unix/" TARGET="_top" > ftp://ftp.icce.rug.nl/pub/unix/</A >) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</P + Samba 2.2 was done by Gerald Carter</P ></DIV ></BODY ></HTML |