20
20
.TH "NET" 8 "" "" ""
22
net \- Tool for administration of Samba and remote CIFS servers.
22
net - Tool for administration of Samba and remote CIFS servers.
27
\fBnet\fR {<ads|rap|rpc>} [\-h] [\-w\ workgroup] [\-W\ myworkgroup] [\-U\ user] [\-I\ ip\-address] [\-p\ port] [\-n\ myname] [\-s\ conffile] [\-S\ server] [\-l] [\-P] [\-d\ debuglevel] [\-V]
25
\fBnet\fR {<ads|rap|rpc>} [-h] [-w�workgroup] [-W�myworkgroup] [-U�user] [-I�ip-address] [-p�port] [-n�myname] [-s�conffile] [-S�server] [-l] [-P] [-d�debuglevel] [-V]
34
This tool is part of the \fBsamba\fR(7) suite\&.
37
The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
28
This tool is part of the
32
The samba net utility is meant to work just like the net utility available for windows and DOS. The first argument should be used to specify the protocol to use when executing a certain command. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000. If this argument is omitted, net will try to determine it automatically. Not all commands are available on all protocols.
43
Print a summary of command line options\&.
47
Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.
36
Print a summary of command line options.
39
Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
51
42
Sets client workgroup or domain
59
IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&.
63
Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.
66
\-n <primary NetBIOS name>
67
This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&.
70
\-s <configuration file>
71
The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&.
75
Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.
79
When listing data, give more information on each item\&.
83
Make queries to the external server using the machine account of the local server\&.
86
\-d|\-\-debuglevel=level
87
\fIlevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
89
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
91
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
93
Note that specifying this parameter here will override the parameter in the \fIsmb\&.conf\fR file\&.
48
IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
51
Port on the target server to connect to (usually 139 or 445). Defaults to trying 445 first, then 139.
53
-n <primary NetBIOS name>
54
This option allows you to override the NetBIOS name that Samba uses for itself. This is identical to setting the
58
file. However, a command line setting will take precedence over settings in
61
-s <configuration file>
62
The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See
64
for more information. The default configuration file name is determined at compile time.
67
Name of target server. You should specify either this option or a target workgroup or a target IP address.
70
When listing data, give more information on each item.
73
Make queries to the external server using the machine account of the local server.
77
is an integer from 0 to 10. The default value if this parameter is not specified is zero.
79
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
81
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
83
Note that specifying this parameter here will override the
97
89
.SS "CHANGESECRETPW"
100
This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory\&. DO NOT USE this command unless you know exactly what you are doing\&. The use of this command requires that the force flag (\-f) be used also\&. There will be NO command prompt\&. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password\&. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning\&. YOU HAVE BEEN WARNED\&.
105
The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&.
110
Without any options, the \fBNET TIME\fR command displays the time on the remote server\&.
91
This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory. DO NOT USE this command unless you know exactly what you are doing. The use of this command requires that the force flag (-f) be used also. There will be NO command prompt. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning. YOU HAVE BEEN WARNED.
92
.\" end of SS subsection "CHANGESECRETPW"
97
command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server.
101
Without any options, the
103
command displays the time on the remote server.
112
105
.SS "TIME SYSTEM"
115
Displays the time on the remote server in a format ready for \fB/bin/date\fR
107
Displays the time on the remote server in a format ready for
120
Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&.
112
Tries to set the date and time of the local server to that on the remote server using
125
Displays the timezone in hours from GMT on the remote computer\&.
117
Displays the timezone in hours from GMT on the remote computer.
118
.\" end of SS subsection "TIME"
127
119
.SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]"
130
Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.
133
[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&.
121
Join a domain. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created.
123
[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain.
124
.\" end of SS subsection "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]"
135
125
.SS "[RPC] OLDJOIN [options]"
138
Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining \- you need to create a trust account in server manager first\&.
127
Join a domain. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust account in server manager first.
128
.\" end of SS subsection "[RPC] OLDJOIN [options]"
147
135
.SS "[RPC|ADS] USER DELETE target"
150
137
Delete specified user
152
139
.SS "[RPC|ADS] USER INFO target"
155
List the domain groups of a the specified user\&.
141
List the domain groups of a the specified user.
157
143
.SS "[RPC|ADS] USER RENAME oldname newname"
160
Rename specified user\&.
145
Rename specified user.
162
147
.SS "[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]"
165
Add specified user\&.
150
.\" end of SS subsection "[RPC|ADS] USER"
167
151
.SS "[RPC|ADS] GROUP"
169
153
.SS "[RPC|ADS] GROUP [misc options] [targets]"
174
157
.SS "[RPC|ADS] GROUP DELETE name [misc. options]"
177
Delete specified group\&.
159
Delete specified group.
179
161
.SS "[RPC|ADS] GROUP ADD name [-C comment]"
182
Create specified group\&.
163
Create specified group.
164
.\" end of SS subsection "[RPC|ADS] GROUP"
184
165
.SS "[RAP|RPC] SHARE"
186
167
.SS "[RAP|RPC] SHARE [misc. options] [targets]"
189
Enumerates all exported resources (network shares) on target server\&.
169
Enumerates all exported resources (network shares) on target server.
191
171
.SS "[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]"
194
Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&.
173
Adds a share from a server (makes the export active). Maxusers specifies the number of users that can be connected to the share simultaneously.
196
175
.SS "SHARE DELETE sharenam"
199
Delete specified share\&.
206
List all open files on remote server\&.
177
Delete specified share.
178
.\" end of SS subsection "[RAP|RPC] SHARE"
183
List all open files on remote server.
208
185
.SS "[RPC|RAP] FILE CLOSE fileid"
211
Close file with specified \fIfileid\fR on remote server\&.
187
Close file with specified
213
191
.SS "[RPC|RAP] FILE INFO fileid"
216
Print information on specified \fIfileid\fR\&. Currently listed are: file\-id, username, locks, path, permissions\&.
193
Print information on specified
194
\fIfileid\fR. Currently listed are: file-id, username, locks, path, permissions.
218
196
.SS "[RAP|RPC] FILE USER"
199
.nr an-no-space-flag 1
224
Currently NOT implemented\&.
204
Currently NOT implemented.
205
.\" end of SS subsection "[RPC|RAP] FILE"
230
208
.SS "RAP SESSION"
233
Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&.
210
Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server.
235
212
.SS "RAP SESSION DELETE|CLOSE CLIENT_NAME"
238
Close the specified sessions\&.
214
Close the specified sessions.
240
216
.SS "RAP SESSION INFO CLIENT_NAME"
243
Give a list with all the open files in specified session\&.
218
Give a list with all the open files in specified session.
219
.\" end of SS subsection "SESSION"
245
220
.SS "RAP SERVER DOMAIN"
248
List all servers in specified domain or workgroup\&. Defaults to local domain\&.
222
List all servers in specified domain or workgroup. Defaults to local domain.
223
.\" end of SS subsection "RAP SERVER DOMAIN"
253
Lists all domains and workgroups visible on the current network\&.
226
Lists all domains and workgroups visible on the current network.
227
.\" end of SS subsection "RAP DOMAIN"
257
230
.SS "RAP PRINTQ LIST QUEUE_NAME"
260
Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&.
232
Lists the specified print queue and print jobs on the server. If the
234
is omitted, all queues are listed.
262
236
.SS "RAP PRINTQ DELETE JOBID"
265
Delete job with specified id\&.
238
Delete job with specified id.
239
.\" end of SS subsection "RAP PRINTQ"
267
240
.SS "RAP VALIDATE user [password]"
270
Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.
276
Currently NOT implemented\&.
242
Validate whether the specified user can log in to the remote server. If the password is not specified on the commandline, it will be prompted.
245
.nr an-no-space-flag 1
250
Currently NOT implemented.
251
.\" end of SS subsection "RAP VALIDATE user [password]"
280
252
.SS "RAP GROUPMEMBER"
282
254
.SS "RAP GROUPMEMBER LIST GROUP"
285
List all members of the specified group\&.
256
List all members of the specified group.
287
258
.SS "RAP GROUPMEMBER DELETE GROUP USER"
290
Delete member from group\&.
260
Delete member from group.
292
262
.SS "RAP GROUPMEMBER ADD GROUP USER"
295
Add member to group\&.
265
.\" end of SS subsection "RAP GROUPMEMBER"
297
266
.SS "RAP ADMIN command"
300
Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&.
306
Currently NOT implemented\&.
268
Execute the specified
270
on the remote server. Only works with OS/2 servers.
273
.nr an-no-space-flag 1
278
Currently NOT implemented.
279
.\" end of SS subsection "RAP ADMIN command"
310
280
.SS "RAP SERVICE"
312
282
.SS "RAP SERVICE START NAME [arguments...]"
315
Start the specified service on the remote server\&. Not implemented yet\&.
321
Currently NOT implemented\&.
284
Start the specified service on the remote server. Not implemented yet.
287
.nr an-no-space-flag 1
292
Currently NOT implemented.
325
294
.SS "RAP SERVICE STOP"
328
Stop the specified service on the remote server\&.
334
Currently NOT implemented\&.
296
Stop the specified service on the remote server.
299
.nr an-no-space-flag 1
304
Currently NOT implemented.
305
.\" end of SS subsection "RAP SERVICE"
338
306
.SS "RAP PASSWORD USER OLDPASS NEWPASS"
341
Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&.
314
.\" end of SS subsection "RAP PASSWORD USER OLDPASS NEWPASS"
345
317
.SS "LOOKUP HOST HOSTNAME [TYPE]"
348
Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&.
319
Lookup the IP address of the given host with the specified type (netbios suffix). The type defaults to 0x20 (workstation).
350
321
.SS "LOOKUP LDAP [DOMAIN"
353
Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&.
323
Give IP address of LDAP server of specified
324
\fIDOMAIN\fR. Defaults to local domain.
355
326
.SS "LOOKUP KDC [REALM]"
358
Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&.
328
Give IP address of KDC for the specified
329
\fIREALM\fR. Defaults to local realm.
360
331
.SS "LOOKUP DC [DOMAIN]"
363
Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&.
333
Give IP's of Domain Controllers for specified
334
\fI DOMAIN\fR. Defaults to local domain.
365
336
.SS "LOOKUP MASTER DOMAIN"
368
Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&.
338
Give IP of master browser for specified
340
or workgroup. Defaults to local domain.
341
.\" end of SS subsection "LOOKUP"
373
Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&.
376
All the timeout parameters support the suffixes:
377
s \- Secondsm \- Minutesh \- Hoursd \- Daysw \- Weeks
344
Samba uses a general caching interface called 'gencache'. It can be controlled using 'NET CACHE'.
346
All the timeout parameters support the suffixes:
379
359
.SS "CACHE ADD key data time-out"
382
Add specified key+data to the cache with the given timeout\&.
361
Add specified key+data to the cache with the given timeout.
384
363
.SS "CACHE DEL key"
387
Delete key from the cache\&.
365
Delete key from the cache.
389
367
.SS "CACHE SET key data time-out"
392
Update data of existing cache entry\&.
369
Update data of existing cache entry.
394
371
.SS "CACHE SEARCH PATTERN"
397
Search for the specified pattern in the cache data\&.
373
Search for the specified pattern in the cache data.
402
List all current items in the cache\&.
377
List all current items in the cache.
404
379
.SS "CACHE FLUSH"
407
Remove all the current items from the cache\&.
381
Remove all the current items from the cache.
382
.\" end of SS subsection "CACHE"
409
383
.SS "GETLOCALSID [DOMAIN]"
412
Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&.
385
Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in.
386
.\" end of SS subsection "GETLOCALSID [DOMAIN]"
414
387
.SS "SETLOCALSID S-1-5-21-x-y-z"
417
Sets domain sid for the local server to the specified SID\&.
389
Sets domain sid for the local server to the specified SID.
390
.\" end of SS subsection "SETLOCALSID S-1-5-21-x-y-z"
422
Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include:
426
unixgroup \- Name of the UNIX group
429
ntgroup \- Name of the Windows NT group (must be resolvable to a SID
432
rid \- Unsigned 32\-bit integer
435
sid \- Full SID in the form of "S\-1\-\&.\&.\&."
438
type \- Type of the group; either 'domain', 'local', or 'builtin'
441
comment \- Freeform text description of the group
393
Manage the mappings between Windows group SIDs and UNIX groups. Parameters take the for "parameter=value". Common options include:
396
unixgroup - Name of the UNIX group
399
ntgroup - Name of the Windows NT group (must be resolvable to a SID
402
rid - Unsigned 32-bit integer
405
sid - Full SID in the form of "S-1-..."
408
type - Type of the group; either 'domain', 'local', or 'builtin'
411
comment - Freeform text description of the group
444
415
.SS "GROUPMAP ADD"
447
Add a new group mapping entry:
417
Add a new group mapping entry:
450
net groupmap add {rid=int|sid=string} unixgroup=string \\
422
net groupmap add {rid=int|sid=string} unixgroup=string \
451
423
[type={domain|local}] [ntgroup=string] [comment=string]
455
427
.SS "GROUPMAP DELETE"
458
Delete a group mapping entry\&. If more then one group name matches, the first entry found is deleted\&.
429
Delete a group mapping entry. If more then one group name matches, the first entry found is deleted.
461
431
net groupmap delete {ntgroup=string|sid=SID}
463
433
.SS "GROUPMAP MODIFY"
466
435
Update en existing group entry
472
net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \\
442
net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
473
443
[comment=string] [type={domain|local}]
477
447
.SS "GROUPMAP LIST"
480
449
List existing group mapping entries
483
451
net groupmap list [verbose] [ntgroup=string] [sid=SID]
452
.\" end of SS subsection "GROUPMAP"
488
Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&.
455
Prints out the highest RID currently in use on the local server (by the active 'passdb backend').
456
.\" end of SS subsection "MAXRID"
493
Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&.
459
Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups.
460
.\" end of SS subsection "RPC INFO"
495
461
.SS "[RPC|ADS] TESTJOIN"
498
Check whether participation in a domain is still valid\&.
463
Check whether participation in a domain is still valid.
464
.\" end of SS subsection "[RPC|ADS] TESTJOIN"
500
465
.SS "[RPC|ADS] CHANGETRUSTPW"
503
Force change of domain trust password\&.
467
Force change of domain trust password.
468
.\" end of SS subsection "[RPC|ADS] CHANGETRUSTPW"
505
469
.SS "RPC TRUSTDOM"
507
471
.SS "RPC TRUSTDOM ADD DOMAIN"
510
Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&.
473
Add a interdomain trust account for
475
to the remote server.
512
477
.SS "RPC TRUSTDOM DEL DOMAIM"
515
Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&.
521
Currently NOT implemented\&.
479
Remove interdomain trust account for
481
from the remote server.
484
.nr an-no-space-flag 1
489
Currently NOT implemented.
525
491
.SS "RPC TRUSTDOM ESTABLISH DOMAIN"
528
Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&.
493
Establish a trust relationship to a trusting domain. Interdomain account must already be created on the remote PDC.
530
495
.SS "RPC TRUSTDOM REVOKE DOMAIN"
533
497
Abandon relationship to trusted domain
535
499
.SS "RPC TRUSTDOM LIST"
538
List all current interdomain trust relationships\&.
501
List all current interdomain trust relationships.
543
This subcommand is used to view and manage Samba's rights assignments (also referred to as privileges)\&. There are three options current available: \fIlist\fR, \fIgrant\fR, and \fIrevoke\fR\&. More details on Samba's privilege model and its use can be found in the Samba\-HOWTO\-Collection\&.
505
This subcommand is used to view and manage Samba's rights assignments (also referred to as privileges). There are three options current available:
508
\fIrevoke\fR. More details on Samba's privilege model and its use can be found in the Samba-HOWTO-Collection.
509
.\" end of SS subsection "RPC TRUSTDOM"
545
510
.SS "RPC ABORTSHUTDOWN"
548
Abort the shutdown of a remote server\&.
512
Abort the shutdown of a remote server.
513
.\" end of SS subsection "RPC ABORTSHUTDOWN"
550
514
.SS "SHUTDOWN [-t timeout] [-r] [-f] [-C message]"
553
Shut down the remote server\&.
557
Reboot after shutdown\&.
561
Force shutting down all applications\&.
565
Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&.
569
Display the specified message on the screen to announce the shutdown\&.
574
Print out sam database of remote server\&. You need to run this on either a BDC\&.
579
Export users, aliases and groups from remote server to local server\&. Can only be run an a BDC\&.
584
Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&.
516
Shut down the remote server.
519
Reboot after shutdown.
522
Force shutting down all applications.
525
Timeout before system will be shut down. An interactive user of the system can use this time to cancel the shutdown.
530
Display the specified message on the screen to announce the shutdown.
531
.\" end of SS subsection "SHUTDOWN [-t timeout] [-r] [-f] [-C message]"
534
Print out sam database of remote server. You need to run this on either a BDC or a PDC.
536
.\" end of SS subsection "RPC SAMDUMP"
539
Export users, aliases and groups from remote server to local server. Can only be run an a BDC.
540
.\" end of SS subsection "RPC VAMPIRE"
543
Fetch domain SID and store it in the local
545
.\" end of SS subsection "RPC GETSID"
589
Make the remote host leave the domain it is part of\&.
548
Make the remote host leave the domain it is part of.
549
.\" end of SS subsection "ADS LEAVE"
594
Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&.
552
Print out status of machine account of the local machine in ADS. Prints out quite some debug info. Aimed at developers, regular users should use
553
\fBNET ADS TESTJOIN\fR.
554
.\" end of SS subsection "ADS STATUS"
596
555
.SS "ADS PRINTER"
598
557
.SS "ADS PRINTER INFO [PRINTER] [SERVER]"
601
Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&.
562
\fISERVER\fR. The printer name defaults to "*", the server name defaults to the local host.
603
564
.SS "ADS PRINTER PUBLISH PRINTER"
606
Publish specified printer using ADS\&.
566
Publish specified printer using ADS.
608
568
.SS "ADS PRINTER REMOVE PRINTER"
611
Remove specified printer from ADS directory\&.
570
Remove specified printer from ADS directory.
571
.\" end of SS subsection "ADS PRINTER"
613
572
.SS "ADS SEARCH EXPRESSION ATTRIBUTES..."
616
Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&.
619
Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR
574
Perform a raw LDAP search on a ADS server and dump the results. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results.
577
\fBnet ads search '(objectCategory=group)' sAMAccountName\fR
578
.\" end of SS subsection "ADS SEARCH EXPRESSION ATTRIBUTES..."
621
579
.SS "ADS DN DN (attributes)"
624
Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&.
627
Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR
632
Print out workgroup name for specified kerberos realm\&.
581
Perform a raw LDAP search on a ADS server and dump the results. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result.
584
\fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR
585
.\" end of SS subsection "ADS DN DN (attributes)"
588
Print out workgroup name for specified kerberos realm.
589
.\" end of SS subsection "ADS WORKGROUP"
592
Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user define shares to be exported using the "net usershare" commands.
594
To set this up, first set up your smb.conf by adding to the [global] section : usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops". Set the permissions on /usr/local/samba/lib/usershares to 01770. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file). Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb.conf a line such as : usershare max shares = 100. To allow 100 usershare definitions. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below.
596
The usershare commands are:
598
net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] - to add or change a user defined share.
600
net usershare delete sharename - to delete a user defined share.
602
net usershare info [-l|--long] [wildcard sharename] - to print info about a user defined share.
604
net usershare list [-l|--long] [wildcard sharename] - to list user defined shares.
607
.SS "USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]"
609
Add or replace a new user defined share, with name "sharename".
611
"path" specifies the absolute pathname on the system to be exported. Restrictions may be put on this, see the global smb.conf parameters : "usershare owner only", "usershare prefix allow list", and "usershare prefix deny list".
613
The optional "comment" parameter is the comment that will appear on the share when browsed to by a client.
615
The optional "acl" field specifies which users have read and write access to the entire share. Note that guest connections are not allowed unless the smb.conf parameter "usershare allow guests" has been set. The definition of a user defined share acl is : "user:permission", where user is a valid username on the system and permission can be "F", "R", or "D". "F" stands for "full permissions", ie. read and write permissions. "D" stands for "deny" for a user, ie. prevent this user from accessing this share. "R" stands for "read only", ie. only allow read access to this share (no creation of new files or directories or writing to files).
617
The default if no "acl" is given is "Everyone:R", which means any authenticated user has read-only access.
619
The optional "guest_ok" has the same effect as the parameter of the same name in smb.conf, in that it allows guest access to this user defined share. This parameter is only allowed if the global parameter "usershare allow guests" has been set to true in the smb.conf.
622
There is no separate command to modify an existing user defined share,
623
just use the "net usershare add [sharename]" command using the same
624
sharename as the one you wish to modify and specify the new options
625
you wish. The Samba smbd daemon notices user defined share modifications
626
at connect time so will see the change immediately, there is no need
627
to restart smbd on adding, deleting or changing a user defined share.
629
.SS "USERSHARE DELETE sharename"
631
Deletes the user defined share by name. The Samba smbd daemon immediately notices this change, although it will not disconnect any users currently connected to the deleted share.
633
.SS "USERSHARE INFO [-l|--long] [wildcard sharename]"
635
Get info on user defined shares owned by the current user matching the given pattern, or all users.
637
net usershare info on its own dumps out info on the user defined shares that were created by the current user, or restricts them to share names that match the given wildcard pattern ('*' matches one or more characters, '?' matches only one character). If the '-l' or '--long' option is also given, it prints out info on user defined shares created by other users.
639
The information given about a share looks like : [foobar] path=/home/jeremy comment=testme usershare_acl=Everyone:F guest_ok=n And is a list of the current settings of the user defined share that can be modified by the "net usershare add" command.
641
.SS "USERSHARE LIST [-l|--long] wildcard sharename"
643
List all the user defined shares owned by the current user matching the given pattern, or all users.
645
net usershare list on its own list out the names of the user defined shares that were created by the current user, or restricts the list to share names that match the given wildcard pattern ('*' matches one or more characters, '?' matches only one character). If the '-l' or '--long' option is also given, it includes the names of user defined shares created by other users.
646
.\" end of SS subsection "USERSHARE"
634
647
.SS "HELP [COMMAND]"
637
Gives usage information for the specified command\&.
649
Gives usage information for the specified command.
650
.\" end of SS subsection "HELP [COMMAND]"
642
This man page is complete for version 3\&.0 of the Samba suite\&.
653
This man page is complete for version 3.0 of the Samba suite.
647
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
650
The net manpage was written by Jelmer Vernooij\&.
656
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
658
The net manpage was written by Jelmer Vernooij.