From af60ba31e124e87473aaa2822997f989dd52f876 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Nov 1998 01:23:43 +0000 Subject: First version of HTML docs generated from YODL source. Jeremy. (This used to be commit 8f5f0bffc6af97e1f382cb3baa03ccecb0f151c4) --- docs/htmldocs/smbpasswd.8.html | 270 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 270 insertions(+) create mode 100644 docs/htmldocs/smbpasswd.8.html (limited to 'docs/htmldocs/smbpasswd.8.html') diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html new file mode 100644 index 0000000000..b93fbd595f --- /dev/null +++ b/docs/htmldocs/smbpasswd.8.html @@ -0,0 +1,270 @@ + + + + + +smbpasswd + + + + + +

+ +

smbpasswd

Samba

23 Oct 1998

+ + + + +

NAME

+ smbpasswd - change a users SMB password +

SYNOPSIS

+ +

smbpasswd [-a] [-d] [-e] [-D debug level] [-n] [-r remote_machine] [-R name resolve order] [-m] [-j DOMAIN] [-U username] [-h] [-s] username +

DESCRIPTION

+ +

This program is part of the Samba suite. +

The smbpasswd program has several different functions, depending +on whether it is run by the root user or not. When run as a normal +user it allows the user to change the password used for their SMB +sessions on any machines that store SMB passwords. +

By default (when run with no arguments) it will attempt to change the +current users SMB password on the local machine. This is similar to +the way the passwd (1) program works. smbpasswd differs from +the passwd program works however in that it is not setuid root +but works in a client-server mode and communicates with a locally +running smbd. As a consequence in order for this +to succeed the smbd daemon must be running on +the local machine. On a UNIX machine the encrypted SMB passwords are +usually stored in the smbpasswd (5) file. +

When run by an ordinary user with no options. smbpasswd will +prompt them for their old smb password and then ask them for their new +password twice, to ensure that the new password was typed +correctly. No passwords will be echoed on the screen whilst being +typed. If you have a blank smb password (specified by the string "NO +PASSWORD" in the smbpasswd file) then just +press the <Enter> key when asked for your old password. +

smbpasswd also can be used by a normal user to change their SMB +password on remote machines, such as Windows NT Primary Domain +Controllers. See the (-r) and +-U options below. +

When run by root, smbpasswd allows new users to be added and +deleted in the smbpasswd file, as well as +changes to the attributes of the user in this file to be made. When +run by root, smbpasswd accesses the local +smbpasswd file directly, thus enabling +changes to be made even if smbd is not running. +

OPTIONS

+ +

-a This option specifies that the username following should +be added to the local smbpasswd file, with +the new password typed (type <Enter> for the old password). This +option is ignored if the username following already exists in the +smbpasswd file and it is treated like a +regular change password command. Note that the user to be added .B +must already exist in the system password file (usually /etc/passwd) +else the request to add the user will fail. +

This option is only available when running smbpasswd as +root. +

+
-d This option specifies that the username following should be +disabled in the local smbpasswd file. +This is done by writing a 'D' flag into the account control space +in the smbpasswd file. Once this is done +all attempts to authenticate via SMB using this username will fail. +

If the smbpasswd file is in the 'old' +format (pre-Samba 2.0 format) there is no space in the users password +entry to write this information and so the user is disabled by writing +'X' characters into the password space in the +smbpasswd file. See smbpasswd +(5) for details on the 'old' and new password file +formats. +

This option is only available when running smbpasswd as root. +

+
-e This option specifies that the username following should be +enabled in the local smbpasswd file, +if the account was previously disabled. If the account was not +disabled this option has no effect. Once the account is enabled +then the user will be able to authenticate via SMB once again. +

If the smbpasswd file is in the 'old' format then smbpasswd will +prompt for a new password for this user, otherwise the account will be +enabled by removing the 'D' flag from account control space in the +smbpasswd file. See smbpasswd +(5) for details on the 'old' and new password file +formats. +

This option is only available when running smbpasswd as root. +

+
-D debuglevel debuglevel is an integer from 0 +to 10. The default value if this parameter is not specified is zero. +

The higher this value, the more detail will be logged to the log files +about the activities of smbpasswd. At level 0, only critical errors +and serious warnings will be logged. +

Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. +

+
-n This option specifies that the username following should +have their password set to null (i.e. a blank password) in the local +smbpasswd file. This is done by writing the +string "NO PASSWORD" as the first part of the first password stored in +the smbpasswd file. +

Note that to allow users to logon to a Samba server once the password +has been set to "NO PASSWORD" in the +smbpasswd file the administrator must set +the following parameter in the [global] section of the +smb.conf file : +

null passwords = true +

This option is only available when running smbpasswd as root. +

+
-r remote machine name This option allows a +user to specify what machine they wish to change their password +on. Without this parameter smbpasswd defaults to the local +host. The "remote machine name" is the NetBIOS name of the +SMB/CIFS server to contact to attempt the password change. This name +is resolved into an IP address using the standard name resolution +mechanism in all programs of the Samba +suite. See the -R name resolve order parameter for details on changing this resolving +mechanism. +

The username whose password is changed is that of the current UNIX +logged on user. See the -U username +parameter for details on changing the password for a different +username. +

Note that if changing a Windows NT Domain password the remote machine +specified must be the Primary Domain Controller for the domain (Backup +Domain Controllers only have a read-only copy of the user account +database and will not allow the password change). +

+
-R name resolve order This option allows the user of +smbclient to determine what name resolution services to use when +looking up the NetBIOS name of the host being connected to. +

The options are :"lmhosts", "host", +"wins" and "bcast". They cause names to be +resolved as follows : +
- lmhosts : Lookup an IP address in the Samba lmhosts file. +
  
  +
- host : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the /etc/nsswitch.conf file). +
  
  +
- wins : Query a name with the IP address listed in the wins +server parameter in the smb.conf file. If +no WINS server has been specified this method will be ignored. +
  
  +
- bcast : Do a broadcast on each of the known local interfaces +listed in the interfaces parameter +in the smb.conf file. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally connected +subnet. +
+

If this parameter is not set then the name resolver order defined +in the smb.conf file parameter +name resolve order +will be used. +

The default order is lmhosts, host, wins, bcast and without this +parameter or any entry in the smb.conf +file the name resolution methods will be attempted in this order. +

+
-m This option tells smbpasswd that the account being +changed is a MACHINE account. Currently this is used when Samba is +being used as an NT Primary Domain Controller. PDC support is not a +supported feature in Samba2.0 but will become supported in a later +release. If you wish to know more about using Samba as an NT PDC then +please subscribe to the mailing list +samba-ntdom@samba.anu.edu.au. +

This option is only available when running smbpasswd as root. +

+
-j DOMAIN This option is used to add a Samba server into a +Windows NT Domain, as a Domain member capable of authenticating user +accounts to any Domain Controller in the same way as a Windows NT +Server. See the security=domain +option in the smb.conf (5) man page. +

In order to be used in this way, the Administrator for the Windows +NT Domain must have used the program "Server Manager for Domains" +to add the primary NetBIOS name of +the Samba server as a member of the Domain. +

After this has been done, to join the Domain invoke smbpasswd with +this parameter. smbpasswd will then look up the Primary Domain +Controller for the Domain (found in the +smb.conf file in the parameter +password server and change +the machine account password used to create the secure Domain +communication. This password is then stored by smbpasswd in a +file, read only by root, called <Domain>.<Machine>.mac where +<Domain> is the name of the Domain we are joining and tt<Machine> +is the primary NetBIOS name of the machine we are running on. +

Once this operation has been performed the +smb.conf file may be updated to set the +security=domain option and all +future logins to the Samba server will be authenticated to the Windows +NT PDC. +

Note that even though the authentication is being done to the PDC all +users accessing the Samba server must still have a valid UNIX account +on that machine. +

This option is only available when running smbpasswd as root. +

+
-U username This option may only be used in +conjunction with the -r +option. When changing a password on a remote machine it allows the +user to specify the user name on that machine whose password will be +changed. It is present to allow users who have different user names on +different systems to change these passwords. +

+
-h This option prints the help string for smbpasswd, +selecting the correct one for running as root or as an ordinary user. +

+
-s This option causes smbpasswd to be silent (ie. not +issue prompts) and to read it's old and new passwords from standard +input, rather than from /dev/tty (like the passwd (1) program +does). This option is to aid people writing scripts to drive smbpasswd +

+dir(username) This specifies the username for all of the root +only options to operate on. Only root can specify this parameter as +only root has the permission needed to modify attributes directly +in the local smbpasswd file. +

+
NOTES
+ +

As smbpasswd works in client-server mode communicating with a +local smbd for a non-root user then the smbd +daemon must be running for this to work. A common problem is to add a +restriction to the hosts that may access the smbd running on the +local machine by specifying a "allow +hosts" or "deny +hosts" entry in the +smb.conf file and neglecting to allow +"localhost" access to the smbd. +

In addition, the smbpasswd command is only useful if Samba has +been set up to use encrypted passwords. See the file ENCRYPTION.txt +in the docs directory for details on how to do this. +

+
VERSION
+ +

This man page is correct for version 2.0 of the Samba suite. +

+
AUTHOR
+ +

The original Samba software and related utilities were created by +Andrew Tridgell samba-bugs@samba.anu.edu.au. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +

The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, samba-bugs@samba.anu.edu.au. +

See samba (7) to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. + + -- cgit