--- /dev/null
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>pdbedit</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="pdbedit.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pdbedit — manage the SAM database (Database of Samba Users)</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pdbedit</code> [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] [-c account-control]</p></div></div><div class="refsect1" lang="en"><a name="id2450710"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The pdbedit program is used to manage the users accounts
+ stored in the sam database and can only be run by root.</p><p>The pdbedit tool uses the passdb modular interface and is
+ independent from the kind of users database used (currently there
+ are smbpasswd, ldap, nis+ and tdb based and more can be added
+ without changing the tool).</p><p>There are five main ways to use pdbedit: adding a user account,
+ removing a user account, modifing a user account, listing user
+ accounts, importing users accounts.</p></div><div class="refsect1" lang="en"><a name="id2450747"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-L</span></dt><dd><p>This option lists all the user accounts
+ present in the users database.
+ This option prints a list of user/uid pairs separated by
+ the ':' character.</p><p>Example: <span><strong class="command">pdbedit -L</strong></span></p><pre class="programlisting">
+sorce:500:Simo Sorce
+samba:45:Test User
+</pre></dd><dt><span class="term">-v</span></dt><dd><p>This option enables the verbose listing format.
+ It causes pdbedit to list the users in the database, printing
+ out the account fields in a descriptive format.</p><p>Example: <span><strong class="command">pdbedit -L -v</strong></span></p><pre class="programlisting">
+---------------
+username: sorce
+user ID/Group: 500/500
+user RID/GRID: 2000/2001
+Full Name: Simo Sorce
+Home Directory: \\BERSERKER\sorce
+HomeDir Drive: H:
+Logon Script: \\BERSERKER\netlogon\sorce.bat
+Profile Path: \\BERSERKER\profile
+---------------
+username: samba
+user ID/Group: 45/45
+user RID/GRID: 1090/1091
+Full Name: Test User
+Home Directory: \\BERSERKER\samba
+HomeDir Drive:
+Logon Script:
+Profile Path: \\BERSERKER\profile
+</pre></dd><dt><span class="term">-w</span></dt><dd><p>This option sets the "smbpasswd" listing format.
+ It will make pdbedit list the users in the database, printing
+ out the account fields in a format compatible with the
+ <code class="filename">smbpasswd</code> file format. (see the
+ <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for details)</p><p>Example: <span><strong class="command">pdbedit -L -w</strong></span></p><pre class="programlisting">
+sorce:500:508818B733CE64BEAAD3B435B51404EE:
+ D2A2418EFC466A8A0F6B1DBB5C3DB80C:
+ [UX ]:LCT-00000000:
+samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
+ BC281CE3F53B6A5146629CD4751D3490:
+ [UX ]:LCT-3BFA1E8D:
+</pre></dd><dt><span class="term">-u username</span></dt><dd><p>This option specifies the username to be
+ used for the operation requested (listing, adding, removing).
+ It is <span class="emphasis"><em>required</em></span> in add, remove and modify
+ operations and <span class="emphasis"><em>optional</em></span> in list
+ operations.</p></dd><dt><span class="term">-f fullname</span></dt><dd><p>This option can be used while adding or
+ modifing a user account. It will specify the user's full
+ name. </p><p>Example: <span><strong class="command">-f "Simo Sorce"</strong></span></p></dd><dt><span class="term">-h homedir</span></dt><dd><p>This option can be used while adding or
+ modifing a user account. It will specify the user's home
+ directory network path.</p><p>Example: <span><strong class="command">-h "\\\\BERSERKER\\sorce"</strong></span>
+ </p></dd><dt><span class="term">-D drive</span></dt><dd><p>This option can be used while adding or
+ modifing a user account. It will specify the windows drive
+ letter to be used to map the home directory.</p><p>Example: <span><strong class="command">-d "H:"</strong></span>
+ </p></dd><dt><span class="term">-S script</span></dt><dd><p>This option can be used while adding or
+ modifing a user account. It will specify the user's logon
+ script path.</p><p>Example: <span><strong class="command">-S "\\\\BERSERKER\\netlogon\\sorce.bat"</strong></span>
+ </p></dd><dt><span class="term">-p profile</span></dt><dd><p>This option can be used while adding or
+ modifing a user account. It will specify the user's profile
+ directory.</p><p>Example: <span><strong class="command">-p "\\\\BERSERKER\\netlogon"</strong></span>
+ </p></dd><dt><span class="term">-G SID|rid</span></dt><dd><p>
+ This option can be used while adding or modifying a user account. It
+ will specify the users' new primary group SID (Security Identifier) or
+ rid. </p><p>Example: <span><strong class="command">-G S-1-5-21-2447931902-1787058256-3961074038-1201</strong></span></p></dd><dt><span class="term">-U SID|rid</span></dt><dd><p>
+ This option can be used while adding or modifying a user account. It
+ will specify the users' new SID (Security Identifier) or
+ rid. </p><p>Example: <span><strong class="command">-U S-1-5-21-2447931902-1787058256-3961074038-5004</strong></span></p></dd><dt><span class="term">-c account-control</span></dt><dd><p>This option can be used while adding or modifying a user
+ account. It will specify the users' account control property. Possible flags are listed below.
+ </p><p>
+ </p><div class="itemizedlist"><ul type="disc"><li><p>N: No password required</p></li><li><p>D: Account disabled</p></li><li><p>H: Home directory required</p></li><li><p>T: Temporary duplicate of other account</p></li><li><p>U: Regular user account</p></li><li><p>M: MNS logon user account</p></li><li><p>W: Workstation Trust Account</p></li><li><p>S: Server Trust Account</p></li><li><p>L: Automatic Locking</p></li><li><p>X: Password does not expire</p></li><li><p>I: Domain Trust Account</p></li></ul></div><p>
+ </p><p>Example: <span><strong class="command">-c "[X ]"</strong></span></p></dd><dt><span class="term">-a</span></dt><dd><p>This option is used to add a user into the
+ database. This command needs a user name specified with
+ the -u switch. When adding a new user, pdbedit will also
+ ask for the password to be used.</p><p>Example: <span><strong class="command">pdbedit -a -u sorce</strong></span>
+</p><pre class="programlisting">new password:
+retype new password
+</pre><p>
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>pdbedit does not call the unix password syncronisation
+ script if <a class="indexterm" name="id2451450"></a>unix password sync
+ has been set. It only updates the data in the Samba
+ user database.
+ </p><p>If you wish to add a user and synchronise the password
+ that immediately, use <span><strong class="command">smbpasswd</strong></span>'s <code class="option">-a</code> option.
+ </p></div></dd><dt><span class="term">-r</span></dt><dd><p>This option is used to modify an existing user
+ in the database. This command needs a user name specified with the -u
+ switch. Other options can be specified to modify the properties of
+ the specified user. This flag is kept for backwards compatibility, but
+ it is no longer necessary to specify it.
+ </p></dd><dt><span class="term">-m</span></dt><dd><p>This option may only be used in conjunction
+ with the <em class="parameter"><code>-a</code></em> option. It will make
+ pdbedit to add a machine trust account instead of a user
+ account (-u username will provide the machine name).</p><p>Example: <span><strong class="command">pdbedit -a -m -u w2k-wks</strong></span>
+ </p></dd><dt><span class="term">-x</span></dt><dd><p>This option causes pdbedit to delete an account
+ from the database. It needs a username specified with the
+ -u switch.</p><p>Example: <span><strong class="command">pdbedit -x -u bob</strong></span></p></dd><dt><span class="term">-i passdb-backend</span></dt><dd><p>Use a different passdb backend to retrieve users
+ than the one specified in smb.conf. Can be used to import data into
+ your local user database.</p><p>This option will ease migration from one passdb backend to
+ another.</p><p>Example: <span><strong class="command">pdbedit -i smbpasswd:/etc/smbpasswd.old
+ </strong></span></p></dd><dt><span class="term">-e passdb-backend</span></dt><dd><p>Exports all currently available users to the
+ specified password database backend.</p><p>This option will ease migration from one passdb backend to
+ another and will ease backing up.</p><p>Example: <span><strong class="command">pdbedit -e smbpasswd:/root/samba-users.backup</strong></span></p></dd><dt><span class="term">-g</span></dt><dd><p>If you specify <em class="parameter"><code>-g</code></em>,
+ then <em class="parameter"><code>-i in-backend -e out-backend</code></em>
+ applies to the group mapping instead of the user database.</p><p>This option will ease migration from one passdb backend to
+ another and will ease backing up.</p></dd><dt><span class="term">-b passdb-backend</span></dt><dd><p>Use a different default passdb backend. </p><p>Example: <span><strong class="command">pdbedit -b xml:/root/pdb-backup.xml -l</strong></span></p></dd><dt><span class="term">-P account-policy</span></dt><dd><p>Display an account policy</p><p>Valid policies are: minimum password age, reset count minutes, disconnect time,
+ user must logon to change password, password history, lockout duration, min password length,
+ maximum password age and bad lockout attempt.</p><p>Example: <span><strong class="command">pdbedit -P "bad lockout attempt"</strong></span></p><pre class="programlisting">
+account policy value for bad lockout attempt is 0
+</pre></dd><dt><span class="term">-C account-policy-value</span></dt><dd><p>Sets an account policy to a specified value.
+ This option may only be used in conjunction
+ with the <em class="parameter"><code>-P</code></em> option.
+ </p><p>Example: <span><strong class="command">pdbedit -P "bad lockout attempt" -C 3</strong></span></p><pre class="programlisting">
+account policy value for bad lockout attempt was 0
+account policy value for bad lockout attempt is now 3
+</pre></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
+</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the program version number.
+</p></dd><dt><span class="term">-s <configuration file></span></dt><dd><p>The file specified contains the
+configuration details required by the server. The
+information in this file includes server-specific
+information such as what printcap file to use, as well
+as descriptions of all the services that the server is
+to provide. See <code class="filename">smb.conf</code> for more information.
+The default configuration file name is determined at
+compile time.</p></dd><dt><span class="term">-d|--debuglevel=level</span></dt><dd><p><em class="replaceable"><code>level</code></em> is an integer
+from 0 to 10. The default value if this parameter is
+not specified is zero.</p><p>The higher this value, the more detail will be
+logged to the log files about the activities of the
+server. At level 0, only critical errors and serious
+warnings will be logged. Level 1 is a reasonable level for
+day-to-day running - it generates a small amount of
+information about operations carried out.</p><p>Levels above 1 will generate considerable
+amounts of log data, and should only be used when
+investigating a problem. Levels above 3 are designed for
+use only by developers and generate HUGE amounts of log
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will
+override the <a class="indexterm" name="id2498444"></a> parameter
+in the <code class="filename">smb.conf</code> file.</p></dd><dt><span class="term">-l|--logfile=logdirectory</span></dt><dd><p>Base directory name for log/debug files. The extension
+<code class="constant">".progname"</code> will be appended (e.g. log.smbclient,
+log.smbd, etc...). The log file is never removed by the client.
+</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2498478"></a><h2>NOTES</h2><p>This command may be used only by root.</p></div><div class="refsect1" lang="en"><a name="id2498489"></a><h2>VERSION</h2><p>This man page is correct for version 3.0 of
+ the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2498500"></a><h2>SEE ALSO</h2><p><a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a></p></div><div class="refsect1" lang="en"><a name="id2498524"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</p><p>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</p></div></div></body></html>
projects / samba / blobdiff