diff options
Diffstat (limited to 'docs/yodldocs/smbpasswd.8.yo')
-rw-r--r-- | docs/yodldocs/smbpasswd.8.yo | 319 |
1 files changed, 0 insertions, 319 deletions
diff --git a/docs/yodldocs/smbpasswd.8.yo b/docs/yodldocs/smbpasswd.8.yo deleted file mode 100644 index 3d418e4953..0000000000 --- a/docs/yodldocs/smbpasswd.8.yo +++ /dev/null @@ -1,319 +0,0 @@ -mailto(samba@samba.org) - -manpage(smbpasswd htmlcommand((8)))(8)(23 Oct 1998)(Samba)(SAMBA) - -label(NAME) -manpagename(smbpasswd)(change a users SMB password) - -label(SYNOPSIS) -manpagesynopsis() - -bf(smbpasswd) [link(-a)(minusa)] [link(-x)(minusx)] [link(-d)(minusd)] [link(-e)(minuse)] [link(-D debug level)(minusD)] [link(-n)(minusn)] [link(-r remote_machine)(minusr)] [link(-R name resolve order)(minusR)] [link(-m)(minusm)] [link(-j DOMAIN)(minusj)] [link(-U username)(minusU)] [link(-h)(minush)] [link(-s)(minuss)] link(username)(username) - -label(DESCRIPTION) -manpagedescription() - -This program is part of the bf(Samba) suite. - -The bf(smbpasswd) program has several different functions, depending -on whether it is run by the em(root) user or not. When run as a normal -user it allows the user to change the password used for their SMB -sessions on any machines that store SMB passwords. - -By default (when run with no arguments) it will attempt to change the -current users SMB password on the local machine. This is similar to -the way the bf(passwd (1)) program works. bf(smbpasswd) differs from how -the bf(passwd) program works however in that it is not em(setuid root) -but works in a client-server mode and communicates with a locally -running url(bf(smbd))(smbd.8.html). As a consequence in order for this -to succeed the url(bf(smbd))(smbd.8.html) daemon must be running on -the local machine. On a UNIX machine the encrypted SMB passwords are -usually stored in the url(bf(smbpasswd (5)))(smbpasswd.5.html) file. - -When run by an ordinary user with no options. bf(smbpasswd) will -prompt them for their old smb password and then ask them for their new -password twice, to ensure that the new password was typed -correctly. No passwords will be echoed on the screen whilst being -typed. If you have a blank smb password (specified by the string "NO -PASSWORD" in the url(bf(smbpasswd))(smbpasswd.5.html) file) then just -press the <Enter> key when asked for your old password. - -bf(smbpasswd) can also be used by a normal user to change their SMB -password on remote machines, such as Windows NT Primary Domain -Controllers. See the link((bf(-r)))(minusr) and -link(bf(-U))(minusU) options below. - -When run by root, bf(smbpasswd) allows new users to be added and -deleted in the url(bf(smbpasswd))(smbpasswd.5.html) file, as well as -allows changes to the attributes of the user in this file to be made. When -run by root, bf(smbpasswd) accesses the local -url(bf(smbpasswd))(smbpasswd.5.html) file directly, thus enabling -changes to be made even if url(bf(smbd))(smbd.8.html) is not running. - -label(OPTIONS) -manpageoptions() - -startdit() - -label(minusa) -dit(bf(-a)) This option specifies that the username following should -be added to the local url(bf(smbpasswd))(smbpasswd.5.html) file, with -the new password typed (type <Enter> for the old password). This -option is ignored if the username following already exists in the -url(bf(smbpasswd))(smbpasswd.5.html) file and it is treated like a -regular change password command. Note that the user to be added -bf(must) already exist in the system password file (usually /etc/passwd) -else the request to add the user will fail. - -This option is only available when running bf(smbpasswd) as -root. - -label(minusx) -dit(bf(-x)) This option specifies that the username following should -be deleted from the local url(bf(smbpasswd))(smbpasswd.5.html) file. - -This option is only available when running bf(smbpasswd) as -root. - -label(minusd) -dit(bf(-d)) This option specifies that the username following should be -em(disabled) in the local url(bf(smbpasswd))(smbpasswd.5.html) file. -This is done by writing a em('D') flag into the account control space -in the url(bf(smbpasswd))(smbpasswd.5.html) file. Once this is done -all attempts to authenticate via SMB using this username will fail. - -If the url(bf(smbpasswd))(smbpasswd.5.html) file is in the 'old' -format (pre-Samba 2.0 format) there is no space in the users password -entry to write this information and so the user is disabled by writing -'X' characters into the password space in the -url(bf(smbpasswd))(smbpasswd.5.html) file. See url(bf(smbpasswd -(5)))(smbpasswd.5.html) for details on the 'old' and new password file -formats. - -This option is only available when running bf(smbpasswd) as root. - -label(minuse) -dit(bf(-e)) This option specifies that the username following should be -em(enabled) in the local url(bf(smbpasswd))(smbpasswd.5.html) file, -if the account was previously disabled. If the account was not -disabled this option has no effect. Once the account is enabled -then the user will be able to authenticate via SMB once again. - -If the smbpasswd file is in the 'old' format then bf(smbpasswd) will -prompt for a new password for this user, otherwise the account will be -enabled by removing the em('D') flag from account control space in the -url(bf(smbpasswd))(smbpasswd.5.html) file. See url(bf(smbpasswd -(5)))(smbpasswd.5.html) for details on the 'old' and new password file -formats. - -This option is only available when running bf(smbpasswd) as root. - -label(minusD) -dit(bf(-D debuglevel)) debuglevel is an integer from 0 -to 10. The default value if this parameter is not specified is zero. - -The higher this value, the more detail will be logged to the log files -about the activities of smbpasswd. At level 0, only critical errors -and serious warnings will be logged. - -Levels above 1 will generate considerable amounts of log data, and -should only be used when investigating a problem. Levels above 3 are -designed for use only by developers and generate HUGE amounts of log -data, most of which is extremely cryptic. - -label(minusn) -dit(bf(-n)) This option specifies that the username following should -have their password set to null (i.e. a blank password) in the local -url(bf(smbpasswd))(smbpasswd.5.html) file. This is done by writing the -string "NO PASSWORD" as the first part of the first password stored in -the url(bf(smbpasswd))(smbpasswd.5.html) file. - -Note that to allow users to logon to a Samba server once the password -has been set to "NO PASSWORD" in the -url(bf(smbpasswd))(smbpasswd.5.html) file the administrator must set -the following parameter in the [global] section of the -url(bf(smb.conf))(smb.conf.5.html) file : - -url(null passwords = true)(smb.conf.5.html#nullpasswords) - -This option is only available when running bf(smbpasswd) as root. - -label(minusr) -dit(bf(-r remote machine name)) This option allows a -user to specify what machine they wish to change their password -on. Without this parameter bf(smbpasswd) defaults to the local -host. The em("remote machine name") is the NetBIOS name of the -SMB/CIFS server to contact to attempt the password change. This name -is resolved into an IP address using the standard name resolution -mechanism in all programs of the url(bf(Samba))(samba.7.html) -suite. See the link(bf(-R name resolve order))(minusR) parameter for details on changing this resolving -mechanism. - -The username whose password is changed is that of the current UNIX -logged on user. See the link(bf(-U username))(minusU) -parameter for details on changing the password for a different -username. - -Note that if changing a Windows NT Domain password the remote machine -specified must be the Primary Domain Controller for the domain (Backup -Domain Controllers only have a read-only copy of the user account -database and will not allow the password change). - -em(Note) that Windows 95/98 do not have a real password database -so it is not possible to change passwords specifying a Win95/98 -machine as remote machine target. - -label(minusR) -dit(bf(-R name resolve order)) This option allows the user of -smbclient to determine what name resolution services to use when -looking up the NetBIOS name of the host being connected to. - -The options are :link("lmhosts")(lmhosts), link("host")(host), -link("wins")(wins) and link("bcast")(bcast). They cause names to be -resolved as follows : - -startit() - -label(lmhosts) -it() bf(lmhosts) : Lookup an IP address in the Samba lmhosts file. - -label(host) -it() bf(host) : Do a standard host name to IP address resolution, -using the system /etc/hosts, NIS, or DNS lookups. This method of name -resolution is operating system dependent. For instance on IRIX or -Solaris, this may be controlled by the em(/etc/nsswitch.conf) file). - -label(wins) -it() bf(wins) : Query a name with the IP address listed in the -url(bf(wins server))(smb.conf.5.html#winsserver) parameter in the -url(bf(smb.conf file))(smb.conf.5.html). If -no WINS server has been specified this method will be ignored. - -label(bcast) -it() bf(bcast) : Do a broadcast on each of the known local interfaces -listed in the url(bf(interfaces))(smb.conf.5.html#interfaces) parameter -in the smb.conf file. This is the least reliable of the name resolution -methods as it depends on the target host being on a locally connected -subnet. - -endit() - -If this parameter is not set then the name resolve order defined -in the url(bf(smb.conf))(smb.conf.5.html) file parameter -url(bf(name resolve order))(smb.conf.5.html#nameresolveorder) -will be used. - -The default order is lmhosts, host, wins, bcast and without this -parameter or any entry in the url(bf(smb.conf))(smb.conf.5.html) -file the name resolution methods will be attempted in this order. - -label(minusm) -dit(bf(-m)) This option tells bf(smbpasswd) that the account being -changed is a em(MACHINE) account. Currently this is used when Samba is -being used as an NT Primary Domain Controller. PDC support is not a -supported feature in Samba2.0 but will become supported in a later -release. If you wish to know more about using Samba as an NT PDC then -please subscribe to the mailing list -email(samba-ntdom@samba.org). - -This option is only available when running bf(smbpasswd) as root. - -label(minusj) -dit(bf(-j DOMAIN)) This option is used to add a Samba server into a -Windows NT Domain, as a Domain member capable of authenticating user -accounts to any Domain Controller in the same way as a Windows NT -Server. See the url(bf(security=domain))(smb.conf.5.html#security) -option in the url(bf(smb.conf (5)))(smb.conf.5.html) man page. - -In order to be used in this way, the Administrator for the Windows -NT Domain must have used the program em("Server Manager for Domains") -to add the url(primary NetBIOS name)(smb.conf.5.html#netbiosname) of -the Samba server as a member of the Domain. - -After this has been done, to join the Domain invoke bf(smbpasswd) with -this parameter. bf(smbpasswd) will then look up the Primary Domain -Controller for the Domain (found in the -url(bf(smb.conf))(smb.conf.5.html) file in the parameter -url(bf(password server))(smb.conf.5.html#passwordserver) and change -the machine account password used to create the secure Domain -communication. This password is then stored by bf(smbpasswd) in a -file, read only by root, called tt(<Domain>.<Machine>.mac) where -tt(<Domain>) is the name of the Domain we are joining and tt(<Machine>) -is the primary NetBIOS name of the machine we are running on. - -Once this operation has been performed the -url(bf(smb.conf))(smb.conf.5.html) file may be updated to set the -url(bf(security=domain))(smb.conf.5.html#security) option and all -future logins to the Samba server will be authenticated to the Windows -NT PDC. - -Note that even though the authentication is being done to the PDC all -users accessing the Samba server must still have a valid UNIX account -on that machine. - -This option is only available when running bf(smbpasswd) as root. - -label(minusU) -dit(bf(-U username)) This option may only be used in -conjunction with the link(bf(-r))(minusr) -option. When changing a password on a remote machine it allows the -user to specify the user name on that machine whose password will be -changed. It is present to allow users who have different user names on -different systems to change these passwords. - -label(minush) -dit(bf(-h)) This option prints the help string for bf(smbpasswd), -selecting the correct one for running as root or as an ordinary user. - -label(minuss) -dit(bf(-s)) This option causes bf(smbpasswd) to be silent (i.e. not -issue prompts) and to read it's old and new passwords from standard -input, rather than from tt(/dev/tty) (like the bf(passwd (1)) program -does). This option is to aid people writing scripts to drive bf(smbpasswd) - -label(username) -dit(bf(username)) This specifies the username for all of the em(root -only) options to operate on. Only root can specify this parameter as -only root has the permission needed to modify attributes directly -in the local url(bf(smbpasswd))(smbpasswd.5.html) file. - -label(NOTES) -manpagesection(NOTES) - -Since bf(smbpasswd) works in client-server mode communicating with a -local url(bf(smbd))(smbd.8.html) for a non-root user then the bf(smbd) -daemon must be running for this to work. A common problem is to add a -restriction to the hosts that may access the bf(smbd) running on the -local machine by specifying a url(bf("allow -hosts"))(smb.conf.5.html#allowhosts) or url(bf("deny -hosts"))(smb.conf.5.html#denyhosts) entry in the -url(bf(smb.conf))(smb.conf.5.html) file and neglecting to allow -em("localhost") access to the bf(smbd). - -In addition, the bf(smbpasswd) command is only useful if bf(Samba) has -been set up to use encrypted passwords. See the file bf(ENCRYPTION.txt) -in the docs directory for details on how to do this. - -label(VERSION) -manpagesection(VERSION) - -This man page is correct for version 2.0 of the Samba suite. - -label(AUTHOR) -manpageauthor() - -The original Samba software and related utilities were created by -Andrew Tridgell email(samba@samba.org). Samba is now developed -by the Samba Team as an Open Source project similar to the way the -Linux kernel is developed. - -The original Samba man pages were written by Karl Auer. The man page -sources were converted to YODL format (another excellent piece of Open -Source software, available at -url(bf(ftp://ftp.icce.rug.nl/pub/unix/))(ftp://ftp.icce.rug.nl/pub/unix/)) -and updated for the Samba2.0 release by Jeremy Allison. -email(samba@samba.org). - -See url(bf(samba (7)))(samba.7.html) to find out how to get a full -list of contributors and details on how to submit bug reports, -comments etc. |