summaryrefslogtreecommitdiff
path: root/docs/yodldocs
diff options
context:
space:
mode:
Diffstat (limited to 'docs/yodldocs')
-rw-r--r--docs/yodldocs/smbpasswd.5.yo82
1 files changed, 82 insertions, 0 deletions
diff --git a/docs/yodldocs/smbpasswd.5.yo b/docs/yodldocs/smbpasswd.5.yo
index 2466b826b9..692bbfe0e9 100644
--- a/docs/yodldocs/smbpasswd.5.yo
+++ b/docs/yodldocs/smbpasswd.5.yo
@@ -95,8 +95,90 @@ dit(bf(NT Password Hash)) nl() nl()
bf(smbpasswd) file itself must be set to be read/write only by root,
with no other access.
+label(AccountFlags)
+dit(bf(Account Flags)) nl() nl()
+
+ This section contains flags that describe the attributes of the users
+ account. In the bf(Samba2.0) release this field is bracketed by tt('[')
+ and tt(']') characters and is always 13 characters in length (including
+ the tt('[') and tt(']') characters). The contents of this field may be
+ any of the characters.
+
+ startit()
+
+ label(capU)
+ it() bf('U') This means this is a em("User") account, ie. an ordinary
+ user. Only bf(User) and link(bf(Worskstation Trust))(capW) accounts are
+ currently supported in the bf(smbpasswd) file.
+
+ label(capN)
+ it() bf('N') This means the account has em(no) password (the passwords
+ in the fields link(bf(Lanman Password Hash))(LanmanPasswordHash) and
+ link(bf(NT Password Hash))(NTPasswordHash) are ignored). Note that this
+ will only allow users to log on with no password if the
+ url(bf(null passwords))(smb.conf.5.html#nullpasswords) parameter is set
+ in the url(bf(smb.conf (5)))(smb.conf.5.html) config file.
+
+ label(capD)
+ it() bf('D') This means the account is diabled and no SMB/CIFS logins
+ will be allowed for this user.
+
+ label(capW)
+ it() bf('W') This means this account is a em("Workstation Trust") account.
+ This kind of account is used in the Samba PDC code stream to allow Windows
+ NT Workstations and Servers to join a Domain hosted by a Samba PDC.
+
+ endit()
+
+ Other flags may be added as the code is extended in future. The rest of
+ this field space is filled in with spaces.
+
+label(LastChangeTime)
+dit(bf(Last Change Time)) nl() nl()
+
+ This field consists of the time the account was last modified. It consists of
+ the characters tt(LCT-) (standing for em("Last Change Time")) followed by a numeric
+ encoding of the UNIX time in seconds since the epoch (1970) that the last change
+ was made.
+
+dit(bf(Following fields)) nl() nl()
+
+ All other colon separated fields are ignored at this time.
+
enddit()
+label(NOTES)
+manpagesection(NOTES)
+
+In previous versions of Samba (notably the 1.9.18 series) this file
+did not contain the link(bf(Account Flags))(AccountFlags) or
+link(bf(Last Change Time))(LastChangeTime) fields. The Samba 2.0
+code will read and write these older password files but will not be able to
+modify the old entries to add the new fields. New entries added with
+url(bf(smbpasswd (8)))(smbpasswd.8.html) will contain the new fields
+in the added accounts however. Thus an older bf(smbpasswd) file used
+with Samba 2.0 may end up with some accounts containing the new fields
+and some not.
+
+In order to convert from an old-style bf(smbpasswd) file to a new
+style, run the script bf(convert_smbpasswd), installed in the
+Samba tt(bin/) directory (the same place that the url(bf(smbd))(smbd.8.html)
+and url(bf(nmbd))(nmbd.8.html) binaries are installed) as follows:
+
+verb(
+
+ cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
+
+)
+
+The bf(convert_smbpasswd) script reads from stdin and writes to stdout
+so as not to overwrite any files by accident.
+
+Once this script has been run, check the contents of the new smbpasswd
+file to ensure that it has not been damaged by the conversion script
+(which uses bf(awk)), and then replace the tt(<old smbpasswd file>)
+with the tt(<new smbpasswd file>).
+
label(VERSION)
manpagesection(VERSION)