diff options
Diffstat (limited to 'docs/htmldocs/smbpasswd.8.html')
| -rw-r--r-- | docs/htmldocs/smbpasswd.8.html | 606 |
1 files changed, 606 insertions, 0 deletions
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html new file mode 100644 index 0000000000..a8b39b37e5 --- /dev/null +++ b/docs/htmldocs/smbpasswd.8.html @@ -0,0 +1,606 @@ +<HTML +><HEAD +><TITLE +>smbpasswd</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="SMBPASSWD" +>smbpasswd</A +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>smbpasswd -- change a user's SMB password</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>smbpasswd</B +> [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [-w pass] [username]</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN26" +></A +><H2 +>DESCRIPTION</H2 +><P +>This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +> Samba</A +> suite.</P +><P +>The smbpasswd program has several different + functions, depending on whether it is run by the <EM +>root</EM +> + user or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords. </P +><P +>By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the <B +CLASS="COMMAND" +>passwd(1)</B +> program works. + <B +CLASS="COMMAND" +>smbpasswd</B +> differs from how the passwd program works + however in that it is not <EM +>setuid root</EM +> but works in + a client-server mode and communicates with a locally running + <B +CLASS="COMMAND" +>smbd(8)</B +>. As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the <TT +CLASS="FILENAME" +>smbpasswd(5)</TT +> file. </P +><P +>When run by an ordinary user with no options. smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password. </P +><P +>smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (-r) and -U options below. </P +><P +>When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, + <B +CLASS="COMMAND" +>smbpasswd</B +> accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN42" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-a</DT +><DD +><P +>This option specifies that the username + following should be added to the local smbpasswd file, with the + new password typed (type <Enter> for the old password). This + option is ignored if the username following already exists in + the smbpasswd file and it is treated like a regular change + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + <TT +CLASS="FILENAME" +>/etc/passwd</TT +>), else the request to add the + user will fail. </P +><P +>This option is only available when running smbpasswd + as root. </P +></DD +><DT +>-x</DT +><DD +><P +>This option specifies that the username + following should be deleted from the local smbpasswd file. + </P +><P +>This option is only available when running smbpasswd as + root.</P +></DD +><DT +>-d</DT +><DD +><P +>This option specifies that the username following + should be <TT +CLASS="CONSTANT" +>disabled</TT +> in the local smbpasswd + file. This is done by writing a <TT +CLASS="CONSTANT" +>'D'</TT +> flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail. </P +><P +>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See <B +CLASS="COMMAND" +>smbpasswd(5) + </B +> for details on the 'old' and new password file formats. + </P +><P +>This option is only available when running smbpasswd as + root.</P +></DD +><DT +>-e</DT +><DD +><P +>This option specifies that the username following + should be <TT +CLASS="CONSTANT" +>enabled</TT +> in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again. </P +><P +>If the smbpasswd file is in the 'old' format, then <B +CLASS="COMMAND" +> smbpasswd</B +> will FAIL to enable the account. + See <B +CLASS="COMMAND" +>smbpasswd (5)</B +> for + details on the 'old' and new password file formats. </P +><P +>This option is only available when running smbpasswd as root. + </P +></DD +><DT +>-D debuglevel</DT +><DD +><P +><TT +CLASS="REPLACEABLE" +><I +>debuglevel</I +></TT +> is an integer + from 0 to 10. The default value if this parameter is not specified + is zero. </P +><P +>The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged. </P +><P +>Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. + </P +></DD +><DT +>-n</DT +><DD +><P +>This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file. </P +><P +>Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the <TT +CLASS="FILENAME" +>smb.conf</TT +> file : </P +><P +><B +CLASS="COMMAND" +>null passwords = yes</B +></P +><P +>This option is only available when running smbpasswd as + root.</P +></DD +><DT +>-r remote machine name</DT +><DD +><P +>This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The <TT +CLASS="REPLACEABLE" +><I +>remote + machine name</I +></TT +> is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the <TT +CLASS="PARAMETER" +><I +>-R + name resolve order</I +></TT +> parameter for details on changing + this resolving mechanism. </P +><P +>The username whose password is changed is that of the + current UNIX logged on user. See the <TT +CLASS="PARAMETER" +><I +>-U username</I +></TT +> + parameter for details on changing the password for a different + username. </P +><P +>Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change).</P +><P +><EM +>Note</EM +> that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. </P +></DD +><DT +>-R name resolve order</DT +><DD +><P +>This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to. </P +><P +>The options are :"lmhosts", "host", "wins" and "bcast". They cause + names to be resolved as follows : </P +><P +></P +><UL +><LI +><P +><TT +CLASS="CONSTANT" +>lmhosts</TT +> : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the <A +HREF="lmhosts.5.html" +TARGET="_top" +>lmhosts(5)</A +> for details) then + any name type matches for lookup.</P +></LI +><LI +><P +><TT +CLASS="CONSTANT" +>host</TT +> : Do a standard host + name to IP address resolution, using the system <TT +CLASS="FILENAME" +>/etc/hosts + </TT +>, NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the <TT +CLASS="FILENAME" +>/etc/nsswitch.conf</TT +> + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.</P +></LI +><LI +><P +><TT +CLASS="CONSTANT" +>wins</TT +> : Query a name with + the IP address listed in the <TT +CLASS="PARAMETER" +><I +>wins server</I +></TT +> + parameter. If no WINS server has been specified this method + will be ignored.</P +></LI +><LI +><P +><TT +CLASS="CONSTANT" +>bcast</TT +> : Do a broadcast on + each of the known local interfaces listed in the + <TT +CLASS="PARAMETER" +><I +>interfaces</I +></TT +> parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet.</P +></LI +></UL +><P +>The default order is <B +CLASS="COMMAND" +>lmhosts, host, wins, bcast</B +> + and without this parameter or any entry in the + <TT +CLASS="FILENAME" +>smb.conf</TT +> file the name resolution methods will + be attempted in this order. </P +></DD +><DT +>-m</DT +><DD +><P +>This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller.</P +><P +>This option is only available when running smbpasswd as root. + </P +></DD +><DT +>-U username</DT +><DD +><P +>This option may only be used in conjunction + with the <TT +CLASS="PARAMETER" +><I +>-r</I +></TT +> option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. </P +></DD +><DT +>-h</DT +><DD +><P +>This option prints the help string for <B +CLASS="COMMAND" +> smbpasswd</B +>, selecting the correct one for running as root + or as an ordinary user. </P +></DD +><DT +>-s</DT +><DD +><P +>This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from <TT +CLASS="FILENAME" +>/dev/tty</TT +> + (like the <B +CLASS="COMMAND" +>passwd(1)</B +> program does). This option + is to aid people writing scripts to drive smbpasswd</P +></DD +><DT +>-w password</DT +><DD +><P +>This parameter is only available is Samba + has been configured to use the experiemental + <B +CLASS="COMMAND" +>--with-ldapsam</B +> option. The <TT +CLASS="PARAMETER" +><I +>-w</I +></TT +> + switch is used to specify the password to be used with the + <A +HREF="smb.conf.5.html#LDAPADMINDN" +TARGET="_top" +><TT +CLASS="PARAMETER" +><I +>ldap admin + dn</I +></TT +></A +>. Note that the password is stored in + the <TT +CLASS="FILENAME" +>private/secrets.tdb</TT +> and is keyed off + of the admin's DN. This means that if the value of <TT +CLASS="PARAMETER" +><I +>ldap + admin dn</I +></TT +> ever changes, the password will beed to be + manually updated as well. + </P +></DD +><DT +>username</DT +><DD +><P +>This specifies the username for all of the + <EM +>root only</EM +> options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. + </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN163" +></A +><H2 +>NOTES</H2 +><P +>Since <B +CLASS="COMMAND" +>smbpasswd</B +> works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the <B +CLASS="COMMAND" +> smbd</B +> running on the local machine by specifying a + <TT +CLASS="PARAMETER" +><I +>allow hosts</I +></TT +> or <TT +CLASS="PARAMETER" +><I +>deny hosts</I +></TT +> + entry in the <TT +CLASS="FILENAME" +>smb.conf</TT +> file and neglecting to + allow "localhost" access to the smbd. </P +><P +>In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. See the file + <TT +CLASS="FILENAME" +>ENCRYPTION.txt</TT +> in the docs directory for details + on how to do this. </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN173" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 3.0 of + the Samba suite.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN176" +></A +><H2 +>SEE ALSO</H2 +><P +><A +HREF="smbpasswd.5.html" +TARGET="_top" +><TT +CLASS="FILENAME" +>smbpasswd(5)</TT +></A +>, + <A +HREF="samba.7.html" +TARGET="_top" +>samba(7)</A +> + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN182" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</P +><P +>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <A +HREF="ftp://ftp.icce.rug.nl/pub/unix/" +TARGET="_top" +> ftp://ftp.icce.rug.nl/pub/unix/</A +>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</P +></DIV +></BODY +></HTML +>
\ No newline at end of file |