From 6412277fa9947702898bc34b0a6ee57a0cfef6f2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Nov 1998 01:27:18 +0000 Subject: First versions of the man pages auto-generated from the YODL source. Jeremy. (This used to be commit 00241b15fa8ccd21e1b43726ea131a189c14074e) --- docs/manpages/smbpasswd.8 | 429 +++++++++++++++++++++++++++++++--------------- 1 file changed, 292 insertions(+), 137 deletions(-) (limited to 'docs/manpages/smbpasswd.8') diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index 4f2658736f..e958266560 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -1,138 +1,293 @@ -.TH SMBPASSWD 8 "09 Oct 1998" "smbpasswd 2.0.0-alpha11" -.SH NAME -smbpasswd \- change a users smb password in the smbpasswd file. -.SH SYNOPSIS -.B smbpasswd -[ -.B \-a -] [ -.B \-r -remote_machine -] [ -.B username -] -.SH DESCRIPTION - -This program is part of the Samba suite. - -.B smbpasswd -allows a user to change their encrypted smb password which -is stored in the smbpasswd file (usually kept in the -.I private -directory under the -.I Samba -directory hierarchy. Ordinary users can only run the command -with no options. It will prompt them for their old smb password -and then ask them for their new password twice, to ensure that -the new password was typed correctly. No passwords will -be echoed on the screen whilst being typed. If you have a blank -smb password (specified by the string "NO PASSWORD" in the -smbpasswd file) then just press the key when asked -for your old password. - -.B New for 1.9.18p4. -smbpasswd will now allow a user to change their password -on a Windows NT server. To use this add the -.I \-r -.I \ -paramter to the smbpasswd command. The machine name is looked -up using the "name resolve order" parameter defined in the -smb.conf [global] section. Note that when changing a Windows -NT password for a domain user, -.I \ -must be the name of the Primary domain controller. - -To allow users to change their passwords from "NO PASSWORD" -in the smbpasswd file to a valid password the administrator -must set the following parameter in the [global] section of -the smb.conf : - +.TH "smbpasswd" "8" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smbpasswd \- change a users SMB password +.PP +.SH "SYNOPSIS" +.PP +\fBsmbpasswd\fP [-a] [-d] [-e] [-D debug level] [-n] [-r remote_machine] [-R name resolve order] [-m] [-j DOMAIN] [-U username] [-h] [-s] username +.PP +.SH "DESCRIPTION" +.PP +This program is part of the \fBSamba\fP suite\&. +.PP +The \fBsmbpasswd\fP program has several different functions, depending +on whether it is run by the \fIroot\fP user or not\&. When run as a normal +user it allows the user to change the password used for their SMB +sessions on any machines that store SMB passwords\&. +.PP +By default (when run with no arguments) it will attempt to change the +current users SMB password on the local machine\&. This is similar to +the way the \fBpasswd (1)\fP program works\&. \fBsmbpasswd\fP differs from +the \fBpasswd\fP program works however in that it is not \fIsetuid root\fP +but works in a client-server mode and communicates with a locally +running \fBsmbd\fP\&. As a consequence in order for this +to succeed the \fBsmbd\fP daemon must be running on +the local machine\&. On a UNIX machine the encrypted SMB passwords are +usually stored in the \fBsmbpasswd (5)\fP file\&. +.PP +When run by an ordinary user with no options\&. \fBsmbpasswd\fP will +prompt them for their old smb password and then ask them for their new +password twice, to ensure that the new password was typed +correctly\&. No passwords will be echoed on the screen whilst being +typed\&. If you have a blank smb password (specified by the string "NO +PASSWORD" in the \fBsmbpasswd\fP file) then just +press the key when asked for your old password\&. +.PP +\fBsmbpasswd\fP also can be used by a normal user to change their SMB +password on remote machines, such as Windows NT Primary Domain +Controllers\&. See the (\fB-r\fP) and +\fB-U\fP options below\&. +.PP +When run by root, \fBsmbpasswd\fP allows new users to be added and +deleted in the \fBsmbpasswd\fP file, as well as +changes to the attributes of the user in this file to be made\&. When +run by root, \fBsmbpasswd\fP accesses the local +\fBsmbpasswd\fP file directly, thus enabling +changes to be made even if \fBsmbd\fP is not running\&. +.PP +.SH "OPTIONS" +.PP +.IP +.IP "\fB-a\fP" +This option specifies that the username following should +be added to the local \fBsmbpasswd\fP file, with +the new password typed (type for the old password)\&. This +option is ignored if the username following already exists in the +\fBsmbpasswd\fP file and it is treated like a +regular change password command\&. Note that the user to be added \&.B +must already exist in the system password file (usually /etc/passwd) +else the request to add the user will fail\&. +.IP +This option is only available when running \fBsmbpasswd\fP as +root\&. +.IP +.IP "\fB-d\fP" +This option specifies that the username following should be +\fIdisabled\fP in the local \fBsmbpasswd\fP file\&. +This is done by writing a \fI\'D\'\fP flag into the account control space +in the \fBsmbpasswd\fP file\&. Once this is done +all attempts to authenticate via SMB using this username will fail\&. +.IP +If the \fBsmbpasswd\fP file is in the \'old\' +format (pre-Samba 2\&.0 format) there is no space in the users password +entry to write this information and so the user is disabled by writing +\'X\' characters into the password space in the +\fBsmbpasswd\fP file\&. See \fBsmbpasswd +(5)\fP for details on the \'old\' and new password file +formats\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-e\fP" +This option specifies that the username following should be +\fIenabled\fP in the local \fBsmbpasswd\fP file, +if the account was previously disabled\&. If the account was not +disabled this option has no effect\&. Once the account is enabled +then the user will be able to authenticate via SMB once again\&. +.IP +If the smbpasswd file is in the \'old\' format then \fBsmbpasswd\fP will +prompt for a new password for this user, otherwise the account will be +enabled by removing the \fI\'D\'\fP flag from account control space in the +\fBsmbpasswd\fP file\&. See \fBsmbpasswd +(5)\fP for details on the \'old\' and new password file +formats\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-D debuglevel\fP" +debuglevel is an integer from 0 +to 10\&. The default value if this parameter is not specified is zero\&. +.IP +The higher this value, the more detail will be logged to the log files +about the activities of smbpasswd\&. At level 0, only critical errors +and serious warnings will be logged\&. +.IP +Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem\&. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic\&. +.IP +.IP "\fB-n\fP" +This option specifies that the username following should +have their password set to null (i\&.e\&. a blank password) in the local +\fBsmbpasswd\fP file\&. This is done by writing the +string "NO PASSWORD" as the first part of the first password stored in +the \fBsmbpasswd\fP file\&. +.IP +Note that to allow users to logon to a Samba server once the password +has been set to "NO PASSWORD" in the +\fBsmbpasswd\fP file the administrator must set +the following parameter in the [global] section of the +\fBsmb\&.conf\fP file : +.IP null passwords = true - -This is -.B NOT -recommended as a general policy, it is recommended that -new users be assigned a default password instead. - -The -.I \-a -and -.I username -options can only be used by a user running as root. - -.SH OPTIONS -.I \-a - -.RS 3 -Specifies that the username following should be added to -the -.I smbpasswd -file, with the new password typed (type for the -old password). This option is ignored if the username -following already exists in the -.I smbpasswd -file and it is treated like a regular change password -command. Note that the user to be added -.B must -already exist in the system password file (usually /etc/passwd) -else the request to add the user will fail. - -.RE -.I username - -.RS 3 -You may only specify a username to the smbpasswd command -if you are running as root. Only root should have the -permission to modify other users smb passwords. - -.RE -.RE -.SH INSTALLATION - -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B smbpasswd -program be installed in the /usr/local/samba/bin directory. This should be -a directory readable by all, writeable only by root. The program should be -executable by all. The program -.B must not -be setuid root. - -.SH VERSION - -This man page is correct for version 1.9.18p4 of the Samba suite. -These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.BR smbd (8), -.BR smb.conf (5) -.SH -.B BUGS - -.RE -The -.B smbpasswd -command is only useful if -.I Samba -has been set up to use encrypted passwords. See the file -.I ENCRYPTION.txt -in the docs directory for details on how to do this. - -.SH CREDITS -.RE -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@samba.anu.edu.au). Andrew is also the Keeper -of the Source for this project. smbpasswd and the encrypted password -file code was written by Jeremy Allison (samba-bugs@samba.anu.edu.au). - -This man page was written by Jeremy Allison. Bug reports to samba-bugs@samba.anu.edu.au. - -See -.BR smb.conf (5) -for a full list of contributors and details of how to -submit bug reports, comments etc. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-r remote machine name\fP" +This option allows a +user to specify what machine they wish to change their password +on\&. Without this parameter \fBsmbpasswd\fP defaults to the local +host\&. The \fI"remote machine name"\fP is the NetBIOS name of the +SMB/CIFS server to contact to attempt the password change\&. This name +is resolved into an IP address using the standard name resolution +mechanism in all programs of the \fBSamba\fP +suite\&. See the \fB-R name resolve order\fP parameter for details on changing this resolving +mechanism\&. +.IP +The username whose password is changed is that of the current UNIX +logged on user\&. See the \fB-U username\fP +parameter for details on changing the password for a different +username\&. +.IP +Note that if changing a Windows NT Domain password the remote machine +specified must be the Primary Domain Controller for the domain (Backup +Domain Controllers only have a read-only copy of the user account +database and will not allow the password change)\&. +.IP +.IP "\fB-R name resolve order\fP" +This option allows the user of +smbclient to determine what name resolution services to use when +looking up the NetBIOS name of the host being connected to\&. +.IP +The options are :"lmhosts", "host", +"wins" and "bcast"\&. They cause names to be +resolved as follows : +.IP +.IP +.IP o +\fBlmhosts\fP : Lookup an IP address in the Samba lmhosts file\&. +.IP +.IP o +\fBhost\fP : Do a standard host name to IP address resolution, +using the system /etc/hosts, NIS, or DNS lookups\&. This method of name +resolution is operating system depended for instance on IRIX or +Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fP file)\&. +.IP +.IP o +\fBwins\fP : Query a name with the IP address listed in the \fBwins +server\fP parameter in the smb\&.conf file\&. If +no WINS server has been specified this method will be ignored\&. +.IP +.IP o +\fBbcast\fP : Do a broadcast on each of the known local interfaces +listed in the \fBinterfaces\fP parameter +in the smb\&.conf file\&. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally connected +subnet\&. +.IP +.IP +If this parameter is not set then the name resolver order defined +in the \fBsmb\&.conf\fP file parameter +\fBname resolve order\fP +will be used\&. +.IP +The default order is lmhosts, host, wins, bcast and without this +parameter or any entry in the \fBsmb\&.conf\fP +file the name resolution methods will be attempted in this order\&. +.IP +.IP "\fB-m\fP" +This option tells \fBsmbpasswd\fP that the account being +changed is a \fIMACHINE\fP account\&. Currently this is used when Samba is +being used as an NT Primary Domain Controller\&. PDC support is not a +supported feature in Samba2\&.0 but will become supported in a later +release\&. If you wish to know more about using Samba as an NT PDC then +please subscribe to the mailing list +\fIsamba-ntdom@samba\&.anu\&.edu\&.au\fP\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-j DOMAIN\fP" +This option is used to add a Samba server into a +Windows NT Domain, as a Domain member capable of authenticating user +accounts to any Domain Controller in the same way as a Windows NT +Server\&. See the \fBsecurity=domain\fP +option in the \fBsmb\&.conf (5)\fP man page\&. +.IP +In order to be used in this way, the Administrator for the Windows +NT Domain must have used the program \fI"Server Manager for Domains"\fP +to add the primary NetBIOS name of +the Samba server as a member of the Domain\&. +.IP +After this has been done, to join the Domain invoke \fBsmbpasswd\fP with +this parameter\&. \fBsmbpasswd\fP will then look up the Primary Domain +Controller for the Domain (found in the +\fBsmb\&.conf\fP file in the parameter +\fBpassword server\fP and change +the machine account password used to create the secure Domain +communication\&. This password is then stored by \fBsmbpasswd\fP in a +file, read only by root, called \f(CW\&.\&.mac\fP where +\f(CW\fP is the name of the Domain we are joining and tt +is the primary NetBIOS name of the machine we are running on\&. +.IP +Once this operation has been performed the +\fBsmb\&.conf\fP file may be updated to set the +\fBsecurity=domain\fP option and all +future logins to the Samba server will be authenticated to the Windows +NT PDC\&. +.IP +Note that even though the authentication is being done to the PDC all +users accessing the Samba server must still have a valid UNIX account +on that machine\&. +.IP +This option is only available when running \fBsmbpasswd\fP as root\&. +.IP +.IP "\fB-U username\fP" +This option may only be used in +conjunction with the \fB-r\fP +option\&. When changing a password on a remote machine it allows the +user to specify the user name on that machine whose password will be +changed\&. It is present to allow users who have different user names on +different systems to change these passwords\&. +.IP +.IP "\fB-h\fP" +This option prints the help string for \fBsmbpasswd\fP, +selecting the correct one for running as root or as an ordinary user\&. +.IP +.IP "\fB-s\fP" +This option causes \fBsmbpasswd\fP to be silent (ie\&. not +issue prompts) and to read it\'s old and new passwords from standard +input, rather than from \f(CW/dev/tty\fP (like the \fBpasswd (1)\fP program +does)\&. This option is to aid people writing scripts to drive \fBsmbpasswd\fP +.IP +dir(\fBusername\fP) This specifies the username for all of the \fIroot +only\fP options to operate on\&. Only root can specify this parameter as +only root has the permission needed to modify attributes directly +in the local \fBsmbpasswd\fP file\&. +.IP +.SH "NOTES" +.IP +As \fBsmbpasswd\fP works in client-server mode communicating with a +local \fBsmbd\fP for a non-root user then the \fBsmbd\fP +daemon must be running for this to work\&. A common problem is to add a +restriction to the hosts that may access the \fBsmbd\fP running on the +local machine by specifying a \fB"allow +hosts"\fP or \fB"deny +hosts"\fP entry in the +\fBsmb\&.conf\fP file and neglecting to allow +\fI"localhost"\fP access to the \fBsmbd\fP\&. +.IP +In addition, the \fBsmbpasswd\fP command is only useful if \fBSamba\fP has +been set up to use encrypted passwords\&. See the file \fBENCRYPTION\&.txt\fP +in the docs directory for details on how to do this\&. +.IP +.SH "VERSION" +.IP +This man page is correct for version 2\&.0 of the Samba suite\&. +.IP +.SH "AUTHOR" +.IP +The original Samba software and related utilities were created by +Andrew Tridgell \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.IP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.IP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. -- cgit