System Administration tools NET(1M)
NAME
net - Tool for administration of Samba and remote CIFS
servers.
SYNOPSIS
net {} [-h] [-w workgroup] [-W myworkgroup]
[-U user] [-I ip-address] [-p port] [-n myname]
[-s conffile] [-S server] [-l] [-P] [-d debuglevel] [-V]
DESCRIPTION
This tool is part of the samba(7) suite.
The Samba net utility is meant to work just like the net
utility available for windows and DOS. The first argument
should be used to specify the protocol to use when executing
a certain command. ADS is used for ActiveDirectory, RAP is
using for old (Win9x/NT3) clients and RPC can be used for
NT4 and Windows 2000. If this argument is omitted, net will
try to determine it automatically. Not all commands are
available on all protocols.
OPTIONS
-h--help
Print a summary of command line options.
-w target-workgroup
Sets target workgroup or domain. You have to specify
either this option or the IP address or the name of a
server.
-W workgroup
Sets client workgroup or domain
-U user
User name to use
-I ip-address
IP address of target server to use. You have to specify
either this option or a target workgroup or a target
server.
-p port
Port on the target server to connect to (usually 139 or
445). Defaults to trying 445 first, then 139.
-n
This option allows you to override the NetBIOS name that
Samba uses for itself. This is identical to setting the
netbios name parameter in the smb.conf file. However, a
command line setting will take precedence over settings
in smb.conf.
Samba 3.0 Last change: 01/19/2009 1
System Administration tools NET(1M)
-s
The file specified contains the configuration details
required by the server. The information in this file
includes server-specific information such as what
printcap file to use, as well as descriptions of all the
services that the server is to provide. See smb.conf for
more information. The default configuration file name is
determined at compile time.
-S server
Name of target server. You should specify either this
option or a target workgroup or a target IP address.
-l
When listing data, give more information on each item.
-P
Make queries to the external server using the machine
account of the local server.
-d--debuglevel=level
level is an integer from 0 to 10. The default value if
this parameter is not specified is 0.
The higher this value, the more detail will be logged to
the log files about the activities of the server. At
level 0, only critical errors and serious warnings will
be logged. Level 1 is a reasonable level for day-to-day
running - it generates a small amount of information
about operations carried out.
Levels above 1 will generate considerable amounts of log
data, and should only be used when investigating a
problem. Levels above 3 are designed for use only by
developers and generate HUGE amounts of log data, most
of which is extremely cryptic.
Note that specifying this parameter here will override
the log level parameter in the smb.conf file.
COMANDS
CHANGESECRETPW
This command allows the Samba machine account password to be
set from an external application to a machine account
password that has already been stored in Active Directory.
DO NOT USE this command unless you know exactly what you are
doing. The use of this command requires that the force flag
(-f) be used also. There will be NO command prompt. Whatever
information is piped into stdin, either by typing at the
command line or otherwise, will be stored as the literal
machine password. Do NOT use this without care and attention
as it will overwrite a legitimate machine password without
Samba 3.0 Last change: 01/19/2009 2
System Administration tools NET(1M)
warning. YOU HAVE BEN WARNED.
TIME
The NET TIME command allows you to view the time on a remote
server or synchronise the time on the local server with the
time on the remote server.
TIME
Without any options, the NET TIME command displays the time
on the remote server.
TIME SYSTEM
Displays the time on the remote server in a format ready for
/bin/date.
TIME SET
Tries to set the date and time of the local server to that
on the remote server using /bin/date.
TIME ZONE
Displays the timezone in hours from GMT on the remote
computer.
[RPCADS] JOIN [TYPE] [-U username[%password] [createupn=UPN]
[createcomputer=OU] [options]
Join a domain. If the account already exists on the server,
and [TYPE] is MEMBER, the machine will attempt to join
automatically. (Assuming that the machine has been created
in server manager) Otherwise, a password will be prompted
for, and a new account may be created.
[TYPE] may be PDC, BDC or MEMBER to specify the type of
server joining the domain.
[UPN] (ADS only) set the principalname attribute during the
join. The default format is host/netbiosname@REALM.
[OU] (ADS only) Precreate the computer account in a specific
OU. The OU string reads from top to bottom without RDNs, and
is delimited by a '/'. Please note that '\' is used for
escape by both the shell and ldap, so it may need to be
doubled or quadrupled to pass through, and it is not used as
a delimiter.
[RPC] OLDJOIN [options]
Join a domain. Use the OLDJOIN option to join the domain
using the old style of domain joining - you need to create a
trust account in server manager first.
[RPCADS] USER
[RPCADS] USER
Samba 3.0 Last change: 01/19/2009 3
System Administration tools NET(1M)
List all users
[RPCADS] USER DELETE target
Delete specified user
[RPCADS] USER INFO target
List the domain groups of the specified user.
[RPCADS] USER RENAME oldname newname
Rename specified user.
[RPCADS] USER AD name [password] [-F user flags] [-C comment]
Add specified user.
[RPCADS] GROUP
[RPCADS] GROUP [misc options] [targets]
List user groups.
[RPCADS] GROUP DELETE name [misc. options]
Delete specified group.
[RPCADS] GROUP AD name [-C comment]
Create specified group.
[RAPRPC] SHARE
[RAPRPC] SHARE [misc. options] [targets]
Enumerates all exported resources (network shares) on target
server.
[RAPRPC] SHARE AD name=serverpath [-C comment] [-M maxusers]
[targets]
Adds a share from a server (makes the export active).
Maxusers specifies the number of users that can be connected
to the share simultaneously.
SHARE DELETE sharename
Delete specified share.
[RPCRAP] FILE
[RPCRAP] FILE
List all open files on remote server.
[RPCRAP] FILE CLOSE fileid
Close file with specified fileid on remote server.
[RPCRAP] FILE INFO fileid
Print information on specified fileid. Currently listed are:
file-id, username, locks, path, permissions.
[RAPRPC] FILE USER user
List files opened by specified user. Please note that net
rap file user does not work against Samba servers.
Samba 3.0 Last change: 01/19/2009 4
System Administration tools NET(1M)
SESION
RAP SESION
Without any other options, SESION enumerates all active
SMB/CIFS sessions on the target server.
RAP SESION DELETECLOSE CLIENTNAME
Close the specified sessions.
RAP SESION INFO CLIENTNAME
Give a list with all the open files in specified session.
RAP SERVER DOMAIN
List all servers in specified domain or workgroup. Defaults
to local domain.
RAP DOMAIN
Lists all domains and workgroups visible on the current
network.
RAP PRINTQ
RAP PRINTQ INFO QUEUENAME
Lists the specified print queue and print jobs on the
server. If the QUEUENAME is omitted, all queues are listed.
RAP PRINTQ DELETE JOBID
Delete job with specified id.
RAP VALIDATE user [password]
Validate whether the specified user can log in to the remote
server. If the password is not specified on the commandline,
it will be prompted.
Note
Currently NOT implemented.
RAP GROUPMEMBER
RAP GROUPMEMBER LIST GROUP
List all members of the specified group.
RAP GROUPMEMBER DELETE GROUP USER
Delete member from group.
RAP GROUPMEMBER AD GROUP USER
Add member to group.
RAP ADMIN command
Execute the specified command on the remote server. Only
works with OS/2 servers.
Note
Samba 3.0 Last change: 01/19/2009 5
System Administration tools NET(1M)
Currently NOT implemented.
RAP SERVICE
RAP SERVICE START NAME [arguments...]
Start the specified service on the remote server. Not
implemented yet.
Note
Currently NOT implemented.
RAP SERVICE STOP
Stop the specified service on the remote server.
Note
Currently NOT implemented.
RAP PASWORD USER OLDPAS NEWPAS
Change password of USER from OLDPAS to NEWPAS.
LOKUP
LOKUP HOST HOSTNAME [TYPE]
Lookup the IP address of the given host with the specified
type (netbios suffix). The type defaults to 0x20
(workstation).
LOKUP LDAP [DOMAIN]
Give IP address of LDAP server of specified DOMAIN. Defaults
to local domain.
LOKUP KDC [REALM]
Give IP address of KDC for the specified REALM. Defaults to
local realm.
LOKUP DC [DOMAIN]
Give IP's of Domain Controllers for specified
DOMAIN. Defaults to local domain.
LOKUP MASTER DOMAIN
Give IP of master browser for specified DOMAIN or workgroup.
Defaults to local domain.
CACHE
Samba uses a general caching interface called 'gencache'. It
can be controlled using 'NET CACHE'.
All the timeout parameters support the suffixes:
s - Seconds
Samba 3.0 Last change: 01/19/2009 6
System Administration tools NET(1M)
m - Minutes
h - Hours
d - Days
w - Weeks
CACHE AD key data time-out
Add specified key]data to the cache with the given timeout.
CACHE DEL key
Delete key from the cache.
CACHE SET key data time-out
Update data of existing cache entry.
CACHE SEARCH PATERN
Search for the specified pattern in the cache data.
CACHE LIST
List all current items in the cache.
CACHE FLUSH
Remove all the current items from the cache.
GETLOCALSID [DOMAIN]
Prints the SID of the specified domain, or if the parameter
is omitted, the SID of the local server.
SETLOCALSID S-1-5-21-x-y-z
Sets SID for the local server to the specified SID.
GETDOMAINSID
Prints the local machine SID and the SID of the current
domain.
SETDOMAINSID
Sets the SID of the current domain.
GROUPMAP
Manage the mappings between Windows group SIDs and UNIX
groups. Common options include:
]o unixgroup - Name of the UNIX group
]o ntgroup - Name of the Windows NT group (must be
resolvable to a SID
]o rid - Unsigned 32-bit integer
Samba 3.0 Last change: 01/19/2009 7
System Administration tools NET(1M)
]o sid - Full SID in the form of "S-1-..."
]o type - Type of the group; either 'domain', 'local', or
'builtin'
]o comment - Freeform text description of the group
GROUPMAP AD
Add a new group mapping entry:
net groupmap add {rid=intsid=string} unixgroup=string \
[type={domainlocal}] [ntgroup=string] [comment=string]
GROUPMAP DELETE
Delete a group mapping entry. If more than one group name
matches, the first entry found is deleted.
net groupmap delete {ntgroup=stringsid=SID}
GROUPMAP MODIFY
Update en existing group entry.
net groupmap modify {ntgroup=stringsid=SID} [unixgroup=string] \
[comment=string] [type={domainlocal}]
GROUPMAP LIST
List existing group mapping entries.
net groupmap list [verbose] [ntgroup=string] [sid=SID]
MAXRID
Prints out the highest RID currently in use on the local
server (by the active 'passdb backend').
RPC INFO
Print information about the domain of the remote server,
such as domain name, domain sid and number of users and
groups.
[RPCADS] TESTJOIN
Check whether participation in a domain is still valid.
[RPCADS] CHANGETRUSTPW
Force change of domain trust password.
RPC TRUSTDOM
Samba 3.0 Last change: 01/19/2009 8
System Administration tools NET(1M)
RPC TRUSTDOM AD DOMAIN
Add a interdomain trust account for DOMAIN. This is in fact
a Samba account named DOMAIN$ with the account flag 'I'
(interdomain trust account). If the command is used against
localhost it has the same effect as smbpasswd -a -i DOMAIN.
Please note that both commands expect a appropriate UNIX
account.
RPC TRUSTDOM DEL DOMAIN
Remove interdomain trust account for DOMAIN. If it is used
against localhost it has the same effect as smbpasswd -x
DOMAIN$.
RPC TRUSTDOM ESTABLISH DOMAIN
Establish a trust relationship to a trusting domain.
Interdomain account must already be created on the remote
PDC.
RPC TRUSTDOM REVOKE DOMAIN
Abandon relationship to trusted domain
RPC TRUSTDOM LIST
List all current interdomain trust relationships.
RPC RIGHTS
This subcommand is used to view and manage Samba's rights
assignments (also referred to as privileges). There are
three options currently available: list, grant, and revoke.
More details on Samba's privilege model and its use can be
found in the Samba-HOWTO-Collection.
RPC ABORTSHUTDOWN
Abort the shutdown of a remote server.
RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]
Shut down the remote server.
-r
Reboot after shutdown.
-f
Force shutting down all applications.
-t timeout
Timeout before system will be shut down. An interactive
user of the system can use this time to cancel the
shutdown.
'>
-C message
Display the specified message on the screen to announce
the shutdown.
Samba 3.0 Last change: 01/19/2009 9
System Administration tools NET(1M)
RPC SAMDUMP
Print out sam database of remote server. You need to run
this against the PDC, from a Samba machine joined as a BDC.
RPC VAMPIRE
Export users, aliases and groups from remote server to local
server. You need to run this against the PDC, from a Samba
machine joined as a BDC.
RPC GETSID
Fetch domain SID and store it in the local secrets.tdb.
ADS LEAVE
Make the remote host leave the domain it is part of.
ADS STATUS
Print out status of machine account of the local machine in
ADS. Prints out quite some debug info. Aimed at developers,
regular users should use NET ADS TESTJOIN.
ADS PRINTER
ADS PRINTER INFO [PRINTER] [SERVER]
Lookup info for PRINTER on SERVER. The printer name defaults
to "*", the server name defaults to the local host.
ADS PRINTER PUBLISH PRINTER
Publish specified printer using ADS.
ADS PRINTER REMOVE PRINTER
Remove specified printer from ADS directory.
ADS SEARCH EXPRESION ATRIBUTES...
Perform a raw LDAP search on a ADS server and dump the
results. The expression is a standard LDAP search
expression, and the attributes are a list of LDAP fields to
show in the results.
Example: net ads search '(objectCategory=group)'
sAMAccountName
ADS DN DN (attributes)
Perform a raw LDAP search on a ADS server and dump the
results. The DN standard LDAP DN, and the attributes are a
list of LDAP fields to show in the result.
Example: net ads dn
'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName
ADS WORKGROUP
Print out workgroup name for specified kerberos realm.
Samba 3.0 Last change: 01/19/2009 10
System Administration tools NET(1M)
SAM CREATEBUILTINGROUP
(Re)Create a BUILTIN group. Only a wellknown set of BUILTIN
groups can be created with this command. This is the list of
currently recognized group names: Administrators, Users,
Guests, Power Users, Account Operators, Server Operators,
Print Operators, Backup Operators, Replicator, RAS Servers,
Pre-Windows 2000 compatible Access. This command requires a
running Winbindd with idmap allocation properly configured.
The group gid will be allocated out of the winbindd range.
SAM CREATELOCALGROUP
Create a LOCAL group (also known as Alias). This command
requires a running Winbindd with idmap allocation properly
configured. The group gid will be allocated out of the
winbindd range.
SAM DELETELOCALGROUP
Delete an existing LOCAL group (also known as Alias).
SAM MAPUNIXGROUP
Map an existing Unix group and make it a Domain Group, the
domain group will have the same name.
SAM UNMAPUNIXGROUP
Remove an existing group mapping entry.
SAM ADMEM
Add a member to a Local group. The group can be specified
only by name, the member can be specified by name or SID.
SAM DELMEM
Remove a member from a Local group. The group and the member
must be specified by name.
SAM LISTMEM
List Local group members. The group must be specified by
name.
SAM LIST
[verbose]
List the specified set of accounts by name. If verbose is
specified, the rid and description is also provided for each
account.
SAM SHOW
Show the full DOMAIN\\NAME the SID and the type for the
corresponding account.
SAM SET HOMEDIR
Set the home directory for a user account.
Samba 3.0 Last change: 01/19/2009 11
System Administration tools NET(1M)
SAM SET PROFILEPATH
Set the profile path for a user account.
SAM SET COMENT
Set the comment for a user or group account.
SAM SET FULNAME
Set the full name for a user account.
SAM SET LOGONSCRIPT |
