System Administration Commands smbadm(1M)
NAME
smbadm - configure and manage CIFS local groups and users,
and manage domain membership
SYNOPSIS
smbadm add-member -m member [-m member] ...] group
smbadm create [-d description] group
smbadm delete group
smbadm disable-user username
smbadm enable-user username
smbadm get [-p property] ...] group
smbadm join -u username domain
smbadm join -w workgroup
smbadm list
smbadm remove-member -m member [-m member] ...] group
smbadm rename group new-group
smbadm set -p property=value [-p property=value] ...] group
smbadm show [-m] [-p] [group]
DESCRIPTION
The smbadm command is used to configure CIFS local groups
and to manage domain membership. You can also use the smbadm
command to enable or disable SMB password generation for
individual local users.
SunOS 5.11 Last change: 8 Jan 2009 1
System Administration Commands smbadm(1M)
CIFS local groups can be used when Windows accounts must be
members of some local groups and when Windows style
privileges must be granted. Solaris local groups cannot pro-
vide these functions.
There are two types of local groups: user defined and
built-in. Built-in local groups are predefined local groups
to support common administration tasks.
In order to provide proper identity mapping between CIFS
local groups and Solaris groups, a CIFS local group must
have a corresponding Solaris group. This requirement has two
consequences: first, the group name must conform to the
intersection of the Windows and Solaris group name rules.
Thus, a CIFS local group name can be up to eight (8) charac-
ters long and contain only lowercase characters and numbers.
Second, a Solaris local group has to be created before a
CIFS local group can be created.
Built-in groups are standard Windows groups and are prede-
fined by the CIFS service. The built-in groups cannot be
added, removed, or renamed, and these groups do not follow
the CIFS local group naming conventions.
When the CIFS server is started, the following built-in
groups are available:
Administrators
Group members can administer the system.
Backup Operators
Group members can bypass file access controls to back up
and restore files.
Power Users
Group members can share directories.
Solaris local users must have an SMB password for authenti-
cation and to gain access to CIFS resources. This password
is created by using the passwd(1) command when the
pamsmbpassword module is added to the system's PAM
SunOS 5.11 Last change: 8 Jan 2009 2
System Administration Commands smbadm(1M)
configuration. See the pamsmbpasswd(5) man page.
The disable-user and enable-user subcommands control SMB
password-generation for a specified local user. When dis-
abled, the user is prevented from connecting to the Solaris
CIFS service. By default, SMB password-generation is enabled
for all local users.
To reenable a disabled user, you must use the enable-user
subcommand and then reset the user's password by using the
passwd command. The pamsmbpasswd.so.1 module must be added
to the system's PAM configuration to generate an SMB pass-
word.
Escaping Backslash Character
For the add-member, remove-member, and join (with -u) sub-
commands, the backslash character (\) is a valid separator
between member or user names and domain names. The backslash
character is a shell special character and must be quoted.
For example, you might escape the backslash character with
another backslash character: domain\\username. For more
information about handling shell special characters, see the
man page for your shell.
OPERANDS
The smbadm command uses the following operands:
domain
Specifies the name of an existing Windows domain to
join.
group
Specifies the name of the CIFS local group.
username
Specifies the name of a Solaris local user.
SUB-COMANDS
The smbadm command includes these subcommands:
add-member -m member [-m member] ...] group
Adds the specified member to the specified CIFS local
group. The -m member option specifies the name of a CIFS
SunOS 5.11 Last change: 8 Jan 2009 3
System Administration Commands smbadm(1M)
local group member. The member name must include an
existing user name and an optional domain name.
Specify the member name in either of the following for-
mats:
[domain\]username
[domain/]username
For example, a valid member name might be sales\terry or
sales/terry, where sales is the Windows domain name and
terry is the name of a user in the sales domain.
create [-d description] group
Creates a CIFS local group with the specified name. You
can optionally specify a description of the group by
using the -d option.
delete group
Deletes the specified CIFS local group. The built-in
groups cannot be deleted.
disable username
Disables SMB password-generation capabilities for the
specified local user. A disabled local user is prevented
from accessing the system by means of the CIFS service.
When a local user account is disabled, you cannot use
the passwd command to modify the user's SMB password
until the user account is reenabled.
enable username
Enables SMB password-generation capabilities for the
specified local user. After the password-generation
capabilities are reenabled, you must use the passwd com-
mand to generate the SMB password for the local user
before he can connect to the CIFS service.
The passwd command manages both the Solaris password and
SMB password for this user if the pamsmbpasswd module
has been added to the system's PAM configuration.
SunOS 5.11 Last change: 8 Jan 2009 4
System Administration Commands smbadm(1M)
get [-p property=value] ...] group
Retrieves property values for the specified group. If no
property is specified, all property values are shown.
join -u username domain
Joins a Windows domain or a workgroup.
The default mode for the CIFS service is workgroup mode,
which uses the default workgroup name, WORKGROUP.
An authenticated user account is required to join a
domain, so you must specify the Windows administrative
user name with the -u option. If the password is not
specified on the command line, the user is prompted for
it. This user should be the domain administrator or any
user who has administrative privileges for the target
domain.
username and domain can be entered in any of the follow-
ing formats:
username[]password] domain
domain\username[]password]
domain/username[]password]
username@domain
...where domain can be the NetBIOS or DNS domain name.
If a machine trust account for the system already exists
on a domain controller, any authenticated user account
can be used when joining the domain. However, if the
machine trust account does not already exist, an account
that has administrative privileges on the domain is
required to join the domain.
join -w workgroup
Joins a Windows domain or a workgroup.
The -w workgroup option specifies the name of the work-
group to join when using the join subcommand.
list
Shows information about the current workgroup or domain.
The information typically includes the workgroup name or
SunOS 5.11 Last change: 8 Jan 2009 5
System Administration Commands smbadm(1M)
the primary domain name. When in domain mode, the infor-
mation includes domain controller names and trusted
domain names.
Each entry in the ouput is identified by one of the fol-
lowing tags:
- [*] - Primary domain
- [.] - Local domain
- [-] - Other domains
- [] - Selected domain controller
remove-member -m member [-m member] ...] group
Removes the specified member from the specified CIFS
local group. The -m member option specifies the name of
a CIFS local group member. The member name must include
an existing user name and an optional domain name.
Specify the member name in either of the following for-
mats:
[domain\]username
[domain/]username
For example, a valid member name might be sales\terry or
sales/terry, where sales is the Windows domain name and
terry is the name of a user in the sales domain.
rename group new-group
Renames the specified CIFS local group. The group must
already exist. The built-in groups cannot be renamed.
set -p property=value [-p property=value] ...] group
Sets configuration properties for a CIFS local group.
The description and the privileges for the built-in
groups cannot be changed.
The -p property=value option specifies the list of
SunOS 5.11 Last change: 8 Jan 2009 6
System Administration Commands smbadm(1M)
properties to be set on the specified group.
The group-related properties are as follows:
backup=[onoff]
Specifies whether members of the CIFS local group
can bypass file access controls to back up file sys-
tem objects.
description=description-text
Specifies a text description for the CIFS local
group.
restore=[onoff]
Specifies whether members of the CIFS local group
can bypass file access controls to restore file sys-
tem objects.
take-ownership=[onoff]
Specifies whether members of the CIFS local group
can take ownership of file system objects.
show [-m] [-p] [group]
Shows information about the specified CIFS local group
or groups. If no group is specified, information is
shown for all groups. If the -m option is specified, the
group members are also shown. If the -p option is speci-
fied, the group privileges are also shown.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATRIBUTES
See the attributes(5) man page for descriptions of the fol-
lowing attributes:
SunOS 5.11 Last change: 8 Jan 2009 7
System Administration Commands smbadm(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWsmbsu
Utility Name and Options Uncommitted
Utility Output Format Not-An-Interface
smbadm join Obsolete
SEE ALSO
passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M),
share(1M), sharectl(1M), sharemgr(1M), smbd(1M),
smbstat(1M), smb(4), smbautohome(4), attributes(5),
pamsmbpasswd(5), smf(5)
SunOS 5.11 Last change: 8 Jan 2009 8
|
