.\"Generated by db2man.xsl. Don't modify this, modify the source. .de Sh \" Subsection .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .TH "NET" 8 "" "" "" .SH NAME net \- Tool for administration of Samba and remote CIFS servers. .SH "SYNOPSIS" .nf \fBnet\fR {} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel] .fi .SH "DESCRIPTION" .PP This tool is part of the \fBSamba\fR(7) suite\&. .PP The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&. .SH "OPTIONS" .TP -h|--help Print a summary of command line options\&. .TP -w target-workgroup Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&. .TP -W workgroup Sets client workgroup or domain .TP -U user User name to use .TP -I ip-address IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&. .TP -p port Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&. .TP -n This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP -s The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP -S server Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&. .TP -l When listing data, give more information on each item\&. .TP -P Make queries to the external server using the machine account of the local server\&. .TP -d|--debug=debuglevel \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&. The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out\&. Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .SH "COMMANDS" .SS "CHANGESECRETPW" .PP This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory\&. DO NOT USE this command unless you know exactly what you are doing\&. The use of this command requires that the force flag (-f) be used also\&. There will be NO command prompt\&. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password\&. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning\&. YOU HAVE BEEN WARNED\&. .SS "TIME" .PP The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&. .PP Without any options, the \fBNET TIME\fR command displays the time on the remote server\&. .PP Displays the time on the remote server in a format ready for \fB/bin/date\fR .PP Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&. .PP Displays the timezone in hours from GMT on the remote computer\&. .SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]" .PP Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&. .PP [TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&. .SS "[RPC] OLDJOIN [options]" .PP Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust account in server manager first\&. .SS "[RPC|ADS] USER" .PP Delete specified user .PP List all users .PP List the domain groups of a the specified user\&. .PP Add specified user\&. .SS "[RPC|ADS] GROUP" .PP List user groups\&. .PP Delete specified group\&. .PP Create specified group\&. .SS "[RAP|RPC] SHARE" .PP Enumerates all exported resources (network shares) on target server\&. .PP Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&. .PP Delete specified share\&. .SS "[RPC|RAP] FILE" .PP List all open files on remote server\&. .PP Close file with specified \fIfileid\fR on remote server\&. .PP Print information on specified \fIfileid\fR\&. Currently listed are: file-id, username, locks, path, permissions\&. .RS .Sh "Note" .PP Currently NOT implemented\&. .RE .SS "SESSION" .PP Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&. .PP Close the specified sessions\&. .PP Give a list with all the open files in specified session\&. .SS "RAP SERVER DOMAIN" .PP List all servers in specified domain or workgroup\&. Defaults to local domain\&. .SS "RAP DOMAIN" .PP Lists all domains and workgroups visible on the current network\&. .SS "RAP PRINTQ" .PP Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&. .PP Delete job with specified id\&. .SS "RAP VALIDATE user [password]" .PP Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&. .RS .Sh "Note" .PP Currently NOT implemented\&. .RE .SS "RAP GROUPMEMBER" .PP List all members of the specified group\&. .PP Delete member from group\&. .PP Add member to group\&. .SS "RAP ADMIN command" .PP Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&. .RS .Sh "Note" .PP Currently NOT implemented\&. .RE .SS "RAP SERVICE" .PP Start the specified service on the remote server\&. Not implemented yet\&. .RS .Sh "Note" .PP Currently NOT implemented\&. .RE .PP Stop the specified service on the remote server\&. .RS .Sh "Note" .PP Currently NOT implemented\&. .RE .SS "RAP PASSWORD USER OLDPASS NEWPASS" .PP Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&. .SS "LOOKUP" .PP Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&. .PP Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&. .PP Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&. .PP Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&. .PP Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&. .SS "CACHE" .PP Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&. .PP All the timeout parameters support the suffixes: s - Secondsm - Minutesh - Hoursd - Daysw - Weeks .PP Add specified key+data to the cache with the given timeout\&. .PP Delete key from the cache\&. .PP Update data of existing cache entry\&. .PP Search for the specified pattern in the cache data\&. .PP List all current items in the cache\&. .PP Remove all the current items from the cache\&. .SS "GETLOCALSID [DOMAIN]" .PP Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&. .SS "SETLOCALSID S-1-5-21-x-y-z" .PP Sets domain sid for the local server to the specified SID\&. .SS "GROUPMAP" .PP Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include: .TP 3 \(bu unixgroup - Name of the UNIX group .TP \(bu ntgroup - Name of the Windows NT group (must be resolvable to a SID .TP \(bu rid - Unsigned 32-bit integer .TP \(bu sid - Full SID in the form of "S-1-\&.\&.\&." .TP \(bu type - Type of the group; either 'domain', 'local', or 'builtin' .TP \(bu comment - Freeform text description of the group .LP .PP Add a new group mapping entry .PP net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string] .PP Delete a group mapping entry .PP net groupmap delete {ntgroup=string|sid=SID} .PP Update en existing group entry .PP net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local} .PP List existing group mapping entries .PP net groupmap list [verbose] [ntgroup=string] [sid=SID] .SS "MAXRID" .PP Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&. .SS "RPC INFO" .PP Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&. .SS "[RPC|ADS] TESTJOIN" .PP Check whether participation in a domain is still valid\&. .SS "[RPC|ADS] CHANGETRUSTPW" .PP Force change of domain trust password\&. .SS "RPC TRUSTDOM" .PP Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&. .PP Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&. .RS .Sh "Note" .PP Currently NOT implemented\&. .RE .PP Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&. .PP Abandon relationship to trusted domain .PP List all current interdomain trust relationships\&. .SS "RPC ABORTSHUTDOWN" .PP Abort the shutdown of a remote server\&. .SS "SHUTDOWN [-t timeout] [-r] [-f] [-C message]" .PP Shut down the remote server\&. .TP -r Reboot after shutdown\&. .TP -f Force shutting down all applications\&. .TP -t timeout Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&. .TP -C message Display the specified message on the screen to announce the shutdown\&. .SS "SAMDUMP" .PP Print out sam database of remote server\&. You need to run this on either a BDC\&. .SS "VAMPIRE" .PP Export users, aliases and groups from remote server to local server\&. Can only be run an a BDC\&. .SS "GETSID" .PP Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&. .SS "ADS LEAVE" .PP Make the remote host leave the domain it is part of\&. .SS "ADS STATUS" .PP Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&. .SS "ADS PRINTER" .PP Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&. .PP Publish specified printer using ADS\&. .PP Remove specified printer from ADS directory\&. .SS "ADS SEARCH EXPRESSION ATTRIBUTES..." .PP Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&. .PP Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR .SS "ADS DN DN (attributes)" .PP Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&. .PP Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR .SS "WORKGROUP" .PP Print out workgroup name for specified kerberos realm\&. .SS "HELP [COMMAND]" .PP Gives usage information for the specified command\&. .SH "VERSION" .PP This man page is complete for version 3\&.0 of the Samba suite\&. .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. .PP The net manpage was written by Jelmer Vernooij\&.