docs-xml/manpages/samba-tool.8.xml

   1 <?xml version="1.0" encoding="iso-8859-1"?>
   2 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
   3 <refentry id="samba-tool.8">
   4
   5 <refmeta>
   6         <refentrytitle>samba-tool</refentrytitle>
   7         <manvolnum>8</manvolnum>
   8         <refmiscinfo class="source">Samba</refmiscinfo>
   9         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
  10         <refmiscinfo class="version">4.0</refmiscinfo>
  11 </refmeta>
  12
  13
  14 <refnamediv>
  15         <refname>samba-tool</refname>
  16         <refpurpose>Main Samba administration tool.
  17         </refpurpose>
  18 </refnamediv>
  19
  20 <refsynopsisdiv>
  21         <cmdsynopsis>
  22                 <command>samba-tool</command>
  23                 <arg choice="opt">-h</arg>
  24                 <arg choice="opt">-W myworkgroup</arg>
  25                 <arg choice="opt">-U user</arg>
  26                 <arg choice="opt">-d debuglevel</arg>
  27                 <arg choice="opt">--v</arg>
  28         </cmdsynopsis>
  29 </refsynopsisdiv>
  30
  31 <refsect1>
  32         <title>DESCRIPTION</title>
  33         <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
  34         <manvolnum>7</manvolnum></citerefentry> suite.</para>
  35 </refsect1>
  36
  37 <refsect1>
  38         <title>OPTIONS</title>
  39
  40         <variablelist>
  41
  42         <varlistentry>
  43         <term>-h|--help</term>
  44         <listitem><para>
  45         Show this help message and exit
  46         </para></listitem>
  47         </varlistentry>
  48
  49         <varlistentry>
  50         <term>-s FILE|--configfile=FILE</term>
  51         <listitem><para>
  52         Configuration file
  53         </para></listitem>
  54         </varlistentry>
  55
  56         <varlistentry>
  57         <term>-d DEBUGLEVEL|--debuglevel=DEBUGLEVEL</term>
  58         <listitem><para>
  59         Debug Level
  60         </para></listitem>
  61         </varlistentry>
  62
  63         <varlistentry>
  64         <term>--option=OPTION</term>
  65         <listitem><para>
  66         Set smb.conf option from command line
  67         </para></listitem>
  68         </varlistentry>
  69
  70         <varlistentry>
  71         <term>--realm=REALM</term>
  72         <listitem><para>
  73         Set the realm name
  74         </para></listitem>
  75         </varlistentry>
  76
  77         <varlistentry>
  78         <term>--simple-bind-dn=DN</term>
  79         <listitem><para>
  80         DN to use for a simple bind
  81         </para></listitem>
  82         </varlistentry>
  83
  84         <varlistentry>
  85         <term>--password=PASSWORD</term>
  86         <listitem><para>
  87         Password
  88         </para></listitem>
  89         </varlistentry>
  90
  91         <varlistentry>
  92         <term>-U USERNAME|--username=USERNAME</term>
  93         <listitem><para>
  94         Username
  95         </para></listitem>
  96         </varlistentry>
  97
  98         <varlistentry>
  99         <term>-W WORKGROUP|--workgroup=WORKGROUP</term>
 100         <listitem><para>
 101         Workgroup
 102         </para></listitem>
 103         </varlistentry>
 104
 105         <varlistentry>
 106         <term>-N|--no-pass</term>
 107         <listitem><para>
 108         Don't ask for a password
 109         </para></listitem>
 110         </varlistentry>
 111
 112         <varlistentry>
 113         <term>-k KERBEROS|--kerberos=KERBEROS</term>
 114         <listitem><para>
 115         Use Kerberos
 116         </para></listitem>
 117         </varlistentry>
 118
 119         <varlistentry>
 120         <term>--ipaddress=IPADDRESS</term>
 121         <listitem><para>
 122         IP address of the server
 123         </para></listitem>
 124         </varlistentry>
 125
 126         <varlistentry>
 127         <term>--version</term>
 128         <listitem><para>
 129         Display version number
 130         </para></listitem>
 131         </varlistentry>
 132
 133         </variablelist>
 134 </refsect1>
 135
 136 <refsect1>
 137 <title>COMMANDS</title>
 138
 139 <refsect2>
 140         <title>dbcheck</title>
 141         <para>Check the local AD database for errors.</para>
 142 </refsect2>
 143
 144 <refsect2>
 145         <title>delegation</title>
 146         <para>Manage Delegations.</para>
 147 </refsect2>
 148
 149 <refsect3>
 150         <title>delegation add-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
 151         <para>Add a service principal as msDS-AllowedToDelegateTo.</para>
 152 </refsect3>
 153
 154 <refsect3>
 155         <title>delegation del-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
 156         <para>Delete a service principal as msDS-AllowedToDelegateTo.</para>
 157 </refsect3>
 158
 159 <refsect3>
 160         <title>delegation for-any-protocol <replaceable>accountname</replaceable> [(on|off)] [options]</title>
 161         <para>Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy)
 162         for an account.</para>
 163 </refsect3>
 164
 165 <refsect3>
 166         <title>delegation for-any-service <replaceable>accountname</replaceable> [(on|off)] [options]</title>
 167         <para>Set/unset UF_TRUSTED_FOR_DELEGATION for an account.</para>
 168 </refsect3>
 169
 170 <refsect3>
 171         <title>delegation show <replaceable>accountname</replaceable> [options] </title>
 172         <para>Show the delegation setting of an account.</para>
 173 </refsect3>
 174
 175 <refsect2>
 176         <title>dns</title>
 177         <para>Manage Domain Name Service (DNS).</para>
 178 </refsect2>
 179
 180 <refsect3>
 181         <title>dns add <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
 182         <para>Add a DNS record.</para>
 183 </refsect3>
 184
 185 <refsect3>
 186         <title>dns delete <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
 187         <para>Delete a DNS record.</para>
 188 </refsect3>
 189
 190 <refsect3>
 191         <title>dns query <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL</replaceable> [options] <replaceable>data</replaceable></title>
 192         <para>Query a name.</para>
 193 </refsect3>
 194
 195 <refsect3>
 196         <title>dns roothints <replaceable>server</replaceable> [<replaceable>name</replaceable>] [options]</title>
 197         <para>Query root hints.</para>
 198 </refsect3>
 199
 200 <refsect3>
 201         <title>dns serverinfo <replaceable>server</replaceable> [options]</title>
 202         <para>Query server information.</para>
 203 </refsect3>
 204
 205 <refsect3>
 206         <title>dns update <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>olddata</replaceable> <replaceable>newdata</replaceable></title>
 207         <para>Update a DNS record.</para>
 208 </refsect3>
 209
 210 <refsect3>
 211         <title>dns zonecreate <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 212         <para>Create a zone.</para>
 213 </refsect3>
 214
 215 <refsect3>
 216         <title>dns zonedelete <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 217         <para>Delete a zone.</para>
 218 </refsect3>
 219
 220 <refsect3>
 221         <title>dns zoneinfo <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
 222         <para>Query zone information.</para>
 223 </refsect3>
 224
 225 <refsect3>
 226         <title>dns zonelist <replaceable>server</replaceable> [options]</title>
 227         <para>List zones.</para>
 228 </refsect3>
 229
 230 <refsect2>
 231         <title>domain</title>
 232         <para>Manage Domain.</para>
 233 </refsect2>
 234
 235 <refsect3>
 236         <title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title>
 237         <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC
 238         database.</para>
 239 </refsect3>
 240
 241 <refsect3>
 242         <title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] [options]</title>
 243         <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 244 </refsect3>
 245
 246 <refsect3>
 247         <title>domain demote</title>
 248         <para>Demote ourselves from the role of domain controller.</para>
 249 </refsect3>
 250
 251 <refsect3>
 252         <title>domain exportkeytab <replaceable>keytab</replaceable> [options]</title>
 253         <para>Dumps Kerberos keys of the domain into a keytab.</para>
 254 </refsect3>
 255
 256 <refsect3>
 257         <title>domain info <replaceable>ip_address</replaceable> [options]</title>
 258         <para>Print basic info about a domain and the specified DC.
 259 </para>
 260 </refsect3>
 261
 262 <refsect3>
 263         <title>domain join <replaceable>dnsdomain</replaceable> [DC|RODC|MEMBER|SUBDOMAIN] [options]</title>
 264         <para>Join a domain as either member or backup domain controller.</para>
 265 </refsect3>
 266
 267 <refsect3>
 268         <title>domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options]</title>
 269         <para>Show/raise domain and forest function levels.</para>
 270 </refsect3>
 271
 272 <refsect3>
 273         <title>domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options]</title>
 274         <para>Show/set password settings.</para>
 275 </refsect3>
 276
 277 <refsect3>
 278         <title>domain provision</title>
 279         <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 280 </refsect3>
 281
 282 <refsect2>
 283         <title>drs</title>
 284         <para>Manage Directory Replication Services (DRS).</para>
 285 </refsect2>
 286
 287 <refsect3>
 288         <title>drs bind</title>
 289         <para>Show DRS capabilities of a server.</para>
 290 </refsect3>
 291
 292 <refsect3>
 293         <title>drs kcc</title>
 294         <para>Trigger knowledge consistency center run.</para>
 295 </refsect3>
 296
 297 <refsect3>
 298         <title>drs options</title>
 299         <para>Query or change <replaceable>options</replaceable> for NTDS Settings
 300         object of a domain controller.</para>
 301 </refsect3>
 302
 303 <refsect3>
 304         <title>drs replicate <replaceable>destination_DC</replaceable> <replaceable>source_DC</replaceable> <replaceable>NC</replaceable> [options]</title>
 305         <para>Replicate a naming context between two DCs.</para>
 306 </refsect3>
 307
 308 <refsect3>
 309         <title>drs showrepl</title>
 310         <para>Show replication status.</para>
 311 </refsect3>
 312
 313 <refsect2>
 314         <title>dsacl</title>
 315         <para>Administer DS ACLs</para>
 316 </refsect2>
 317
 318 <refsect3>
 319         <title>dsacl set</title>
 320         <para>Modify access list on a directory object.</para>
 321 </refsect3>
 322
 323 <refsect2>
 324         <title>fsmo</title>
 325         <para>Manage Flexible Single Master Operations (FSMO).</para>
 326 </refsect2>
 327
 328 <refsect3>
 329         <title>fsmo seize [options]</title>
 330         <para>Seize the role.</para>
 331 </refsect3>
 332
 333 <refsect3>
 334         <title>fsmo show</title>
 335         <para>Show the roles.</para>
 336 </refsect3>
 337
 338 <refsect3>
 339         <title>fsmo transfer [options]</title>
 340         <para>Transfer the role.</para>
 341 </refsect3>
 342
 343 <refsect2>
 344         <title>gpo</title>
 345         <para>Manage Group Policy Objects (GPO).</para>
 346 </refsect2>
 347
 348 <refsect3>
 349         <title>gpo create <replaceable>displayname</replaceable> [options]</title>
 350         <para>Create an empty GPO.</para>
 351 </refsect3>
 352
 353 <refsect3>
 354         <title>gpo del <replaceable>gpo</replaceable> [options]</title>
 355         <para>Delete GPO.</para>
 356 </refsect3>
 357
 358 <refsect3>
 359         <title>gpo dellink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
 360         <para>Delete GPO link from a container.</para>
 361 </refsect3>
 362
 363 <refsect3>
 364         <title>gpo fetch <replaceable>gpo</replaceable> [options]</title>
 365         <para>Download a GPO.</para>
 366 </refsect3>
 367
 368 <refsect3>
 369         <title>gpo getinheritance <replaceable>container_dn</replaceable> [options]</title>
 370         <para>Get inheritance flag for a container.</para>
 371 </refsect3>
 372
 373 <refsect3>
 374         <title>gpo getlink <replaceable>container_dn</replaceable> [options]</title>
 375         <para>List GPO Links for a container.</para>
 376 </refsect3>
 377
 378 <refsect3>
 379         <title>gpo list <replaceable>username</replaceable> [options]</title>
 380         <para>List GPOs for an account.</para>
 381 </refsect3>
 382
 383 <refsect3>
 384         <title>gpo listall</title>
 385         <para>List all GPOs.</para>
 386 </refsect3>
 387
 388 <refsect3>
 389         <title>gpo listcontainers <replaceable>gpo</replaceable> [options]</title>
 390         <para>List all linked containers for a GPO.</para>
 391 </refsect3>
 392
 393 <refsect3>
 394         <title>gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options]</title>
 395         <para>Set inheritance flag on a container.</para>
 396 </refsect3>
 397
 398 <refsect3>
 399         <title>gpo setlink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
 400         <para>Add or Update a GPO link to a container.</para>
 401 </refsect3>
 402
 403 <refsect3>
 404         <title>gpo show <replaceable>gpo</replaceable> [options]</title>
 405         <para>Show information for a GPO.</para>
 406 </refsect3>
 407
 408 <refsect2>
 409         <title>group</title>
 410         <para>Manage groups.</para>
 411 </refsect2>
 412
 413 <refsect3>
 414         <title>group add <replaceable>groupname</replaceable> [options]</title>
 415         <para>Create a new AD group.</para>
 416 </refsect3>
 417
 418 <refsect3>
 419         <title>group addmembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
 420         <para>Add members to an AD group.</para>
 421 </refsect3>
 422
 423 <refsect3>
 424         <title>group delete <replaceable>groupname</replaceable> [options]</title>
 425         <para>Delete an AD group.</para>
 426 </refsect3>
 427
 428 <refsect3>
 429         <title>group list</title>
 430         <para>List all groups.</para>
 431 </refsect3>
 432
 433 <refsect3>
 434         <title>group listmembers <replaceable>groupname</replaceable> [options]</title>
 435         <para>List all members of the specified AD group.</para>
 436 </refsect3>
 437
 438 <refsect3>
 439         <title>group removemembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
 440         <para>Remove members from the specified AD group.</para>
 441 </refsect3>
 442
 443 <refsect2>
 444         <title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title>
 445         <para>Compare two LDAP databases.</para>
 446 </refsect2>
 447
 448 <refsect2>
 449         <title>ntacl</title>
 450         <para>Manage NT ACLs.</para>
 451 </refsect2>
 452
 453 <refsect3>
 454         <title>ntacl get <replaceable>file</replaceable> [options]</title>
 455         <para>Get ACLs on a file.</para>
 456 </refsect3>
 457
 458 <refsect3>
 459         <title>ntacl set <replaceable>acl</replaceable> <replaceable>file</replaceable> [options]</title>
 460         <para>Set ACLs on a file.</para>
 461 </refsect3>
 462
 463 <refsect3>
 464         <title>ntacl sysvolcheck</title>
 465         <para>Check sysvol ACLs match defaults (including correct ACLs on GPOs).</para>
 466 </refsect3>
 467
 468 <refsect3>
 469         <title>ntacl sysvolreset</title>
 470         <para>Reset sysvol ACLs to defaults (including correct ACLs on GPOs).</para>
 471 </refsect3>
 472
 473 <refsect2>
 474         <title>rodc</title>
 475         <para>Manage Read-Only Domain Controller (RODC).</para>
 476 </refsect2>
 477
 478 <refsect3>
 479         <title>rodc preload <replaceable>SID</replaceable>|<replaceable>DN</replaceable>|<replaceable>accountname</replaceable> [options]</title>
 480         <para>Preload one account for an RODC.</para>
 481 </refsect3>
 482
 483 <refsect2>
 484         <title>sites</title>
 485         <para>Manage sites.</para>
 486 </refsect2>
 487
 488 <refsect3>
 489         <title>sites create <replaceable>site</replaceable> [options]</title>
 490         <para>Create a new site.</para>
 491 </refsect3>
 492
 493 <refsect3>
 494         <title>sites remove <replaceable>site</replaceable> [options]</title>
 495         <para>Delete an esxisting site.</para>
 496 </refsect3>
 497
 498 <refsect2>
 499         <title>spn</title>
 500         <para>Manage Service Principal Names (SPN).</para>
 501 </refsect2>
 502
 503 <refsect3>
 504         <title>spn add <replaceable>name</replaceable> <replaceable>user</replaceable> [options]</title>
 505         <para>Create a new SPN.</para>
 506 </refsect3>
 507
 508 <refsect3>
 509         <title>spn delete <replaceable>name</replaceable> [<replaceable>user</replaceable>] [options]</title>
 510         <para>Delete an existing SPN.</para>
 511 </refsect3>
 512
 513 <refsect3>
 514         <title>spn list <replaceable>user</replaceable> [options]</title>
 515         <para>List SPNs of a given user.</para>
 516 </refsect3>
 517
 518 <refsect2>
 519         <title>testparm</title>
 520         <para>Check the syntax of the configuration file.</para>
 521 </refsect2>
 522
 523 <refsect2>
 524         <title>time</title>
 525         <para>Retrieve the time on a server.</para>
 526 </refsect2>
 527
 528 <refsect2>
 529         <title>user</title>
 530         <para>Manage users.</para>
 531 </refsect2>
 532
 533 <refsect3>
 534         <title>user add <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
 535         <para>Create a new user. Please note that this subcommand is deprecated
 536         and available for compatibility reasons only. Please use
 537         <command>samba-tool user create</command> instead.</para>
 538 </refsect3>
 539
 540 <refsect3>
 541         <title>user create <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
 542         <para>Create a new user in the Active Directory Domain.</para>
 543 </refsect3>
 544
 545 <refsect3>
 546         <title>user delete <replaceable>username</replaceable> [options]</title>
 547         <para>Delete an existing user account.</para>
 548 </refsect3>
 549
 550 <refsect3>
 551         <title>user disable <replaceable>username</replaceable></title>
 552         <para>Disable an user account.</para>
 553 </refsect3>
 554
 555 <refsect3>
 556         <title>user enable <replaceable>username</replaceable></title>
 557         <para>Enable an user account.</para>
 558 </refsect3>
 559
 560 <refsect3>
 561         <title>user list</title>
 562         <para>List all users.</para>
 563 </refsect3>
 564
 565 <refsect3>
 566         <title>user password [options]</title>
 567         <para>Change password for an user account (the one provided in
 568         authentication).</para>
 569 </refsect3>
 570
 571 <refsect3>
 572         <title>user setexpiry <replaceable>username</replaceable> [options]</title>
 573         <para>Set the expiration of an user account.</para>
 574 </refsect3>
 575
 576 <refsect3>
 577         <title>user setpassword <replaceable>username</replaceable> [options]</title>
 578         <para>Sets or resets the password of an user account.</para>
 579 </refsect3>
 580
 581 <refsect2>
 582         <title>vampire [options] <replaceable>domain</replaceable></title>
 583         <para>Join and synchronise a remote AD domain to the local server.
 584         Please note that <command>samba-tool vampire</command> is deprecated,
 585         please use <command>samba-tool domain join</command> instead.</para>
 586 </refsect2>
 587
 588 <refsect2>
 589 <title>help</title>
 590 <para>Gives usage information.</para>
 591 </refsect2>
 592
 593 </refsect1>
 594
 595 <refsect1>
 596         <title>VERSION</title>
 597
 598         <para>This man page is complete for version 4 of the Samba
 599         suite.</para>
 600 </refsect1>
 601
 602 <refsect1>
 603         <title>AUTHOR</title>
 604
 605         <para>The original Samba software and related utilities
 606         were created by Andrew Tridgell. Samba is now developed
 607         by the Samba Team as an Open Source project similar
 608         to the way the Linux kernel is developed.</para>
 609
 610         <para>The samba-tool manpage was written by Karolin Seeger.</para>
 611 </refsect1>
 612
 613 </refentry>