1NET(8) System Administration tools NET(8)
2
6 net - Tool for administration of Samba and remote CIFS servers.
7
9 net {<ads|rap|rpc>} [-h|--help] [-w|--workgroup workgroup]
10 [-W|--myworkgroup myworkgroup] [-U|--user user]
11 [-I|--ipaddress ip-address] [-p|--port port] [-n myname] [-s conffile]
12 [-S|--server server] [-l|--long] [-v|--verbose] [-f|--force]
13 [-P|--machine-pass] [-d debuglevel] [-V] [--request-timeout seconds]
14 [-t|--timeout seconds] [-i|--stdin] [--tallocreport]
15
17 This tool is part of the samba(7) suite.
18 The Samba net utility is meant to work just like the net utility
20 available for windows and DOS. The first argument should be used to
21 specify the protocol to use when executing a certain command. ADS is
22 used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and
23 RPC can be used for NT4 and Windows 2000. If this argument is omitted,
24 net will try to determine it automatically. Not all commands are
25 available on all protocols.
26
28 -?|--help
29 Print a summary of command line options.
30 -k|--kerberos
32 Try to authenticate with kerberos. Only useful in an Active
33 Directory environment.
34 -w|--workgroup target-workgroup
36 Sets target workgroup or domain. You have to specify either this
37 option or the IP address or the name of a server.
38 -W|--myworkgroup workgroup
40 Sets client workgroup or domain
41 -U|--user user
43 User name to use
44 -I|--ipaddress ip-address
46 IP address of target server to use. You have to specify either this
47 option or a target workgroup or a target server.
48 -p|--port port
50 Port on the target server to connect to (usually 139 or 445).
51 Defaults to trying 445 first, then 139.
52 -n|--netbiosname <primary NetBIOS name>
54 This option allows you to override the NetBIOS name that Samba uses
55 for itself. This is identical to setting the netbios name parameter
56 in the smb.conf file. However, a command line setting will take
57 precedence over settings in smb.conf.
58 -S|--server server
60 Name of target server. You should specify either this option or a
61 target workgroup or a target IP address.
62 -l|--long
64 When listing data, give more information on each item.
65 -v|--verbose
67 When listing data, give more verbose information on each item.
68 -f|--force
70 Enforcing a net command.
71 -P|--machine-pass
73 Make queries to the external server using the machine account of
74 the local server.
75 --request-timeout 30
77 Let client requests timeout after 30 seconds the default is 10
78 seconds.
79 -t|--timeout 30
81 Set timeout for client operations to 30 seconds.
82 --use-ccache
84 Try to use the credentials cached by winbind.
85 -i|--stdin
87 Take input for net commands from standard input.
88 --tallocreport
90 Generate a talloc report while processing a net command.
91 -T|--test
93 Only test command sequence, dry-run.
94 -F|--flags FLAGS
96 Pass down integer flags to a net subcommand.
97 -C|--comment COMMENT
99 Pass down a comment string to a net subcommand.
100 -n|--myname MYNAME
102 Use MYNAME as a requester name for a net subcommand.
103 -c|--container CONTAINER
105 Use a specific AD container for net ads operations.
106 -M|--maxusers MAXUSERS
108 Fill in the maxusers field in net rpc share operations.
109 -r|--reboot
111 Reboot a remote machine after a command has been successfully
112 executed (e.g. in remote join operations).
113 --force-full-repl
115 When calling "net rpc vampire keytab" this option enforces a full
116 re-creation of the generated keytab file.
117 --single-obj-repl
119 When calling "net rpc vampire keytab" this option allows one to
120 replicate just a single object to the generated keytab file.
121 --clean-old-entries
123 When calling "net rpc vampire keytab" this option allows one to
124 cleanup old entries from the generated keytab file.
125 --db
127 Define dbfile for "net idmap" commands.
128 --lock
130 Activates locking of the dbfile for "net idmap check" command.
131 -a|--auto
133 Activates noninteractive mode in "net idmap check".
134 --repair
136 Activates repair mode in "net idmap check".
137 --acls
139 Includes ACLs to be copied in "net rpc share migrate".
140 --attrs
142 Includes file attributes to be copied in "net rpc share migrate".
143 --timestamps
145 Includes timestamps to be copied in "net rpc share migrate".
146 -X|--exclude DIRECTORY
148 Allows one to exclude directories when copying with "net rpc share
149 migrate".
150 --destination SERVERNAME
152 Defines the target servername of migration process (defaults to
153 localhost).
154 -L|--local
156 Sets the type of group mapping to local (used in "net groupmap
157 set").
158 -D|--domain
160 Sets the type of group mapping to domain (used in "net groupmap
161 set").
162 -N|--ntname NTNAME
164 Sets the ntname of a group mapping (used in "net groupmap set").
165 -R|--rid RID
167 Sets the rid of a group mapping (used in "net groupmap set").
168 --reg-version REG_VERSION
170 Assume database version {n|1,2,3} (used in "net registry check").
171 -o|--output FILENAME
173 Output database file (used in "net registry check").
174 --wipe
176 Create a new database from scratch (used in "net registry check").
177 --precheck PRECHECK_DB_FILENAME
179 Defines filename for database prechecking (used in "net registry
180 import").
181 --no-dns-updates
183 Do not perform DNS updates as part of "net ads join".
184 -e|--encrypt
186 This command line parameter requires the remote server support the
187 UNIX extensions or that the SMB3 protocol has been selected.
188 Requests that the connection be encrypted. Negotiates SMB
189 encryption using either SMB3 or POSIX extensions via GSSAPI. Uses
190 the given credentials for the encryption negotiation (either
191 kerberos or NTLMv1/v2 if given domain/username/password triple.
192 Fails the connection if encryption cannot be negotiated.
193 -d|--debuglevel=level
195 level is an integer from 0 to 10. The default value if this
196 parameter is not specified is 1.
197 The higher this value, the more detail will be logged to the log
199 files about the activities of the server. At level 0, only critical
200 errors and serious warnings will be logged. Level 1 is a reasonable
201 level for day-to-day running - it generates a small amount of
202 information about operations carried out.
203 Levels above 1 will generate considerable amounts of log data, and
205 should only be used when investigating a problem. Levels above 3
206 are designed for use only by developers and generate HUGE amounts
207 of log data, most of which is extremely cryptic.
208 Note that specifying this parameter here will override the log
210 level parameter in the smb.conf file.
211 -V|--version
213 Prints the program version number.
214 -s|--configfile=<configuration file>
216 The file specified contains the configuration details required by
217 the server. The information in this file includes server-specific
218 information such as what printcap file to use, as well as
219 descriptions of all the services that the server is to provide. See
220 smb.conf for more information. The default configuration file name
221 is determined at compile time.
222 -l|--log-basename=logdirectory
224 Base directory name for log/debug files. The extension ".progname"
225 will be appended (e.g. log.smbclient, log.smbd, etc...). The log
226 file is never removed by the client.
227 --option=<name>=<value>
229 Set the smb.conf(5) option "<name>" to value "<value>" from the
230 command line. This overrides compiled-in defaults and options read
231 from the configuration file.
232
234 CHANGESECRETPW
235 This command allows the Samba machine account password to be set from
236 an external application to a machine account password that has already
237 been stored in Active Directory. DO NOT USE this command unless you
238 know exactly what you are doing. The use of this command requires that
239 the force flag (-f) be used also. There will be NO command prompt.
240 Whatever information is piped into stdin, either by typing at the
241 command line or otherwise, will be stored as the literal machine
242 password. Do NOT use this without care and attention as it will
243 overwrite a legitimate machine password without warning. YOU HAVE BEEN
244 WARNED.
245 TIME
247 The NET TIME command allows you to view the time on a remote server or
248 synchronise the time on the local server with the time on the remote
249 server.
250 TIME
252 Without any options, the NET TIME command displays the time on the
253 remote server. The remote server must be specified with the -S option.
254 TIME SYSTEM
256 Displays the time on the remote server in a format ready for /bin/date.
257 The remote server must be specified with the -S option.
258 TIME SET
260 Tries to set the date and time of the local server to that on the
261 remote server using /bin/date. The remote server must be specified with
262 the -S option.
263 TIME ZONE
265 Displays the timezone in hours from GMT on the remote server. The
266 remote server must be specified with the -S option.
267 [RPC|ADS] JOIN [TYPE] [--no-dns-updates] [-U username[%password]]
269 [createupn=UPN] [createcomputer=OU] [machinepass=PASS] [osName=string
270 osVer=string] [options]
271 Join a domain. If the account already exists on the server, and [TYPE]
272 is MEMBER, the machine will attempt to join automatically. (Assuming
273 that the machine has been created in server manager) Otherwise, a
274 password will be prompted for, and a new account may be created.
275 [TYPE] may be PDC, BDC or MEMBER to specify the type of server joining
277 the domain.
278 [UPN] (ADS only) set the principalname attribute during the join. The
280 default format is host/netbiosname@REALM.
281 [OU] (ADS only) Precreate the computer account in a specific OU. The OU
283 string reads from top to bottom without RDNs, and is delimited by a
284 '/'. Please note that '\' is used for escape by both the shell and
285 ldap, so it may need to be doubled or quadrupled to pass through, and
286 it is not used as a delimiter.
287 [PASS] (ADS only) Set a specific password on the computer account being
289 created by the join.
290 [osName=string osVer=String] (ADS only) Set the operatingSystem and
292 operatingSystemVersion attribute during the join. Both parameters must
293 be specified for either to take effect.
294 [RPC] OLDJOIN [options]
296 Join a domain. Use the OLDJOIN option to join the domain using the old
297 style of domain joining - you need to create a trust account in server
298 manager first.
299 [RPC|ADS] USER
301 [RPC|ADS] USER
302 List all users
303 [RPC|ADS] USER DELETE target
305 Delete specified user
306 [RPC|ADS] USER INFO target
308 List the domain groups of the specified user.
309 [RPC|ADS] USER RENAME oldname newname
311 Rename specified user.
312 [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]
314 Add specified user.
315 [RPC|ADS] GROUP
317 [RPC|ADS] GROUP [misc options] [targets]
318 List user groups.
319 [RPC|ADS] GROUP DELETE name [misc. options]
321 Delete specified group.
322 [RPC|ADS] GROUP ADD name [-C comment]
324 Create specified group.
325 [RAP|RPC] SHARE
327 [RAP|RPC] SHARE [misc. options] [targets]
328 Enumerates all exported resources (network shares) on target server.
329 [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
331 Adds a share from a server (makes the export active). Maxusers
332 specifies the number of users that can be connected to the share
333 simultaneously.
334 SHARE DELETE sharename
336 Delete specified share.
337 [RPC|RAP] FILE
339 [RPC|RAP] FILE
340 List all open files on remote server.
341 [RPC|RAP] FILE CLOSE fileid
343 Close file with specified fileid on remote server.
344 [RPC|RAP] FILE INFO fileid
346 Print information on specified fileid. Currently listed are: file-id,
347 username, locks, path, permissions.
348 [RAP|RPC] FILE USER user
350 List files opened by specified user. Please note that net rap file user
351 does not work against Samba servers.
352 SESSION
354 RAP SESSION
355 Without any other options, SESSION enumerates all active SMB/CIFS
356 sessions on the target server.
357 RAP SESSION DELETE|CLOSE CLIENT_NAME
359 Close the specified sessions.
360 RAP SESSION INFO CLIENT_NAME
362 Give a list with all the open files in specified session.
363 RAP SERVER DOMAIN
365 List all servers in specified domain or workgroup. Defaults to local
366 domain.
367 RAP DOMAIN
369 Lists all domains and workgroups visible on the current network.
370 RAP PRINTQ
372 RAP PRINTQ INFO QUEUE_NAME
373 Lists the specified print queue and print jobs on the server. If the
374 QUEUE_NAME is omitted, all queues are listed.
375 RAP PRINTQ DELETE JOBID
377 Delete job with specified id.
378 RAP VALIDATE user [password]
380 Validate whether the specified user can log in to the remote server. If
381 the password is not specified on the commandline, it will be prompted.
382 Note
384 Currently NOT implemented.
385 RAP GROUPMEMBER
387 RAP GROUPMEMBER LIST GROUP
388 List all members of the specified group.
389 RAP GROUPMEMBER DELETE GROUP USER
391 Delete member from group.
392 RAP GROUPMEMBER ADD GROUP USER
394 Add member to group.
395 RAP ADMIN command
397 Execute the specified command on the remote server. Only works with
398 OS/2 servers.
399 Note
401 Currently NOT implemented.
402 RAP SERVICE
404 RAP SERVICE START NAME [arguments...]
405 Start the specified service on the remote server. Not implemented yet.
406 Note
408 Currently NOT implemented.
409 RAP SERVICE STOP
411 Stop the specified service on the remote server.
412 Note
414 Currently NOT implemented.
415 RAP PASSWORD USER OLDPASS NEWPASS
417 Change password of USER from OLDPASS to NEWPASS.
418 LOOKUP
420 LOOKUP HOST HOSTNAME [TYPE]
421 Lookup the IP address of the given host with the specified type
422 (netbios suffix). The type defaults to 0x20 (workstation).
423 LOOKUP LDAP [DOMAIN]
425 Give IP address of LDAP server of specified DOMAIN. Defaults to local
426 domain.
427 LOOKUP KDC [REALM]
429 Give IP address of KDC for the specified REALM. Defaults to local
430 realm.
431 LOOKUP DC [DOMAIN]
433 Give IP's of Domain Controllers for specified
434 DOMAIN. Defaults to local domain.
435 LOOKUP MASTER DOMAIN
437 Give IP of master browser for specified DOMAIN or workgroup. Defaults
438 to local domain.
439 CACHE
441 Samba uses a general caching interface called 'gencache'. It can be
442 controlled using 'NET CACHE'.
443 All the timeout parameters support the suffixes:
445 s - Seconds
446 m - Minutes
447 h - Hours
448 d - Days
449 w - Weeks
450 CACHE ADD key data time-out
452 Add specified key+data to the cache with the given timeout.
453 CACHE DEL key
455 Delete key from the cache.
456 CACHE SET key data time-out
458 Update data of existing cache entry.
459 CACHE SEARCH PATTERN
461 Search for the specified pattern in the cache data.
462 CACHE LIST
464 List all current items in the cache.
465 CACHE FLUSH
467 Remove all the current items from the cache.
468 GETLOCALSID [DOMAIN]
470 Prints the SID of the specified domain, or if the parameter is omitted,
471 the SID of the local server.
472 SETLOCALSID S-1-5-21-x-y-z
474 Sets SID for the local server to the specified SID.
475 GETDOMAINSID
477 Prints the local machine SID and the SID of the current domain.
478 SETDOMAINSID
480 Sets the SID of the current domain.
481 GROUPMAP
483 Manage the mappings between Windows group SIDs and UNIX groups. Common
484 options include:
485 · unixgroup - Name of the UNIX group
487 · ntgroup - Name of the Windows NT group (must be resolvable
489 to a SID
490 · rid - Unsigned 32-bit integer
492 · sid - Full SID in the form of "S-1-..."
494 · type - Type of the group; either 'domain', 'local', or
496 'builtin'
497 · comment - Freeform text description of the group
499 GROUPMAP ADD
502 Add a new group mapping entry:
503 net groupmap add {rid=int|sid=string} unixgroup=string \
505 [type={domain|local}] [ntgroup=string] [comment=string]
506 GROUPMAP DELETE
510 Delete a group mapping entry. If more than one group name matches, the
511 first entry found is deleted.
512 net groupmap delete {ntgroup=string|sid=SID}
514 GROUPMAP MODIFY
516 Update an existing group entry.
517 net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
519 [comment=string] [type={domain|local}]
520 GROUPMAP LIST
524 List existing group mapping entries.
525 net groupmap list [verbose] [ntgroup=string] [sid=SID]
527 MAXRID
529 Prints out the highest RID currently in use on the local server (by the
530 active 'passdb backend').
531 RPC INFO
533 Print information about the domain of the remote server, such as domain
534 name, domain sid and number of users and groups.
535 [RPC|ADS] TESTJOIN
537 Check whether participation in a domain is still valid.
538 [RPC|ADS] CHANGETRUSTPW
540 Force change of domain trust password.
541 RPC TRUSTDOM
543 RPC TRUSTDOM ADD DOMAIN
544 Add a interdomain trust account for DOMAIN. This is in fact a Samba
545 account named DOMAIN$ with the account flag 'I' (interdomain trust
546 account). This is required for incoming trusts to work. It makes Samba
547 be a trusted domain of the foreign (trusting) domain. Users of the
548 Samba domain will be made available in the foreign domain. If the
549 command is used against localhost it has the same effect as smbpasswd
550 -a -i DOMAIN. Please note that both commands expect a appropriate UNIX
551 account.
552 RPC TRUSTDOM DEL DOMAIN
554 Remove interdomain trust account for DOMAIN. If it is used against
555 localhost it has the same effect as smbpasswd -x DOMAIN$.
556 RPC TRUSTDOM ESTABLISH DOMAIN
558 Establish a trust relationship to a trusted domain. Interdomain account
559 must already be created on the remote PDC. This is required for
560 outgoing trusts to work. It makes Samba be a trusting domain of a
561 foreign (trusted) domain. Users of the foreign domain will be made
562 available in our domain. You'll need winbind and a working idmap config
563 to make them appear in your system.
564 RPC TRUSTDOM REVOKE DOMAIN
566 Abandon relationship to trusted domain
567 RPC TRUSTDOM LIST
569 List all interdomain trust relationships.
570 RPC TRUST
572 RPC TRUST CREATE
573 Create a trust object by calling lsaCreateTrustedDomainEx2. The can be
574 done on a single server or on two servers at once with the possibility
575 to use a random trust password.
576 Options:
578 otherserver
580 Domain controller of the second domain
581 otheruser
583 Admin user in the second domain
584 otherdomainsid
586 SID of the second domain
587 other_netbios_domain
589 NetBIOS (short) name of the second domain
590 otherdomain
592 DNS (full) name of the second domain
593 trustpw
595 Trust password
596 Examples:
598 Create a trust object on srv1.dom1.dom for the domain dom2
600 net rpc trust create \
602 otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
603 other_netbios_domain=dom2 \
604 otherdomain=dom2.dom \
605 trustpw=12345678 \
606 -S srv1.dom1.dom
607 Create a trust relationship between dom1 and dom2
609 net rpc trust create \
611 otherserver=srv2.dom2.test \
612 otheruser=dom2adm \
613 -S srv1.dom1.dom
614 RPC TRUST DELETE
616 Delete a trust object by calling lsaDeleteTrustedDomain. The can be
617 done on a single server or on two servers at once.
618 Options:
620 otherserver
622 Domain controller of the second domain
623 otheruser
625 Admin user in the second domain
626 otherdomainsid
628 SID of the second domain
629 Examples:
631 Delete a trust object on srv1.dom1.dom for the domain dom2
633 net rpc trust delete \
635 otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
636 -S srv1.dom1.dom
637 Delete a trust relationship between dom1 and dom2
639 net rpc trust delete \
641 otherserver=srv2.dom2.test \
642 otheruser=dom2adm \
643 -S srv1.dom1.dom
644 RPC RIGHTS
647 This subcommand is used to view and manage Samba's rights assignments
648 (also referred to as privileges). There are three options currently
649 available: list, grant, and revoke. More details on Samba's privilege
650 model and its use can be found in the Samba-HOWTO-Collection.
651 RPC ABORTSHUTDOWN
653 Abort the shutdown of a remote server.
654 RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]
656 Shut down the remote server.
657 -r
659 Reboot after shutdown.
660 -f
662 Force shutting down all applications.
663 -t timeout
665 Timeout before system will be shut down. An interactive user of the
666 system can use this time to cancel the shutdown.
667 -C message
669 Display the specified message on the screen to announce the
670 shutdown.
671 RPC SAMDUMP
673 Print out sam database of remote server. You need to run this against
674 the PDC, from a Samba machine joined as a BDC.
675 RPC VAMPIRE
677 Export users, aliases and groups from remote server to local server.
678 You need to run this against the PDC, from a Samba machine joined as a
679 BDC. This vampire command cannot be used against an Active Directory,
680 only against an NT4 Domain Controller.
681 RPC VAMPIRE KEYTAB
683 Dump remote SAM database to local Kerberos keytab file.
684 RPC VAMPIRE LDIF
686 Dump remote SAM database to local LDIF file or standard output.
687 RPC GETSID
689 Fetch domain SID and store it in the local secrets.tdb.
690 ADS LEAVE
692 Make the remote host leave the domain it is part of.
693 ADS STATUS
695 Print out status of machine account of the local machine in ADS. Prints
696 out quite some debug info. Aimed at developers, regular users should
697 use NET ADS TESTJOIN.
698 ADS PRINTER
700 ADS PRINTER INFO [PRINTER] [SERVER]
701 Lookup info for PRINTER on SERVER. The printer name defaults to "*",
702 the server name defaults to the local host.
703 ADS PRINTER PUBLISH PRINTER
705 Publish specified printer using ADS.
706 ADS PRINTER REMOVE PRINTER
708 Remove specified printer from ADS directory.
709 ADS SEARCH EXPRESSION ATTRIBUTES...
711 Perform a raw LDAP search on a ADS server and dump the results. The
712 expression is a standard LDAP search expression, and the attributes are
713 a list of LDAP fields to show in the results.
714 Example: net ads search '(objectCategory=group)' sAMAccountName
716 ADS DN DN (attributes)
718 Perform a raw LDAP search on a ADS server and dump the results. The DN
719 standard LDAP DN, and the attributes are a list of LDAP fields to show
720 in the result.
721 Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain'
723 SAMAccountName
724 ADS WORKGROUP
726 Print out workgroup name for specified kerberos realm.
727 ADS ENCTYPES
729 List, modify or delete the value of the "msDS-SupportedEncryptionTypes"
730 attribute of an account in AD.
731 This attribute allows one to control which Kerberos encryption types
733 are used for the generation of initial and service tickets. The value
734 consists of an integer bitmask with the following values:
735 0x00000001 DES-CBC-CRC
737 0x00000002 DES-CBC-MD5
739 0x00000004 RC4-HMAC
741 0x00000008 AES128-CTS-HMAC-SHA1-96
743 0x00000010 AES256-CTS-HMAC-SHA1-96
745 ADS ENCTYPES LIST <ACCOUNTNAME>
747 List the value of the "msDS-SupportedEncryptionTypes" attribute of a
748 given account.
749 Example: net ads enctypes list Computername
751 ADS ENCTYPES SET <ACCOUNTNAME> [enctypes]
753 Set the value of the "msDS-SupportedEncryptionTypes" attribute of the
754 LDAP object of ACCOUNTNAME to a given value. If the value is omitted,
755 the value is set to 31 which enables all the currently supported
756 encryption types.
757 Example: net ads enctypes set Computername 24
759 ADS ENCTYPES DELETE <ACCOUNTNAME>
761 Deletes the "msDS-SupportedEncryptionTypes" attribute of the LDAP
762 object of ACCOUNTNAME.
763 Example: net ads enctypes set Computername 24
765 SAM CREATEBUILTINGROUP <NAME>
767 (Re)Create a BUILTIN group. Only a wellknown set of BUILTIN groups can
768 be created with this command. This is the list of currently recognized
769 group names: Administrators, Users, Guests, Power Users, Account
770 Operators, Server Operators, Print Operators, Backup Operators,
771 Replicator, RAS Servers, Pre-Windows 2000 compatible Access. This
772 command requires a running Winbindd with idmap allocation properly
773 configured. The group gid will be allocated out of the winbindd range.
774 SAM CREATELOCALGROUP <NAME>
776 Create a LOCAL group (also known as Alias). This command requires a
777 running Winbindd with idmap allocation properly configured. The group
778 gid will be allocated out of the winbindd range.
779 SAM DELETELOCALGROUP <NAME>
781 Delete an existing LOCAL group (also known as Alias).
782 SAM MAPUNIXGROUP <NAME>
784 Map an existing Unix group and make it a Domain Group, the domain group
785 will have the same name.
786 SAM UNMAPUNIXGROUP <NAME>
788 Remove an existing group mapping entry.
789 SAM ADDMEM <GROUP> <MEMBER>
791 Add a member to a Local group. The group can be specified only by name,
792 the member can be specified by name or SID.
793 SAM DELMEM <GROUP> <MEMBER>
795 Remove a member from a Local group. The group and the member must be
796 specified by name.
797 SAM LISTMEM <GROUP>
799 List Local group members. The group must be specified by name.
800 SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]
802 List the specified set of accounts by name. If verbose is specified,
803 the rid and description is also provided for each account.
804 SAM RIGHTS LIST
806 List all available privileges.
807 SAM RIGHTS GRANT <NAME> <PRIVILEGE>
809 Grant one or more privileges to a user.
810 SAM RIGHTS REVOKE <NAME> <PRIVILEGE>
812 Revoke one or more privileges from a user.
813 SAM SHOW <NAME>
815 Show the full DOMAIN\\NAME the SID and the type for the corresponding
816 account.
817 SAM SET HOMEDIR <NAME> <DIRECTORY>
819 Set the home directory for a user account.
820 SAM SET PROFILEPATH <NAME> <PATH>
822 Set the profile path for a user account.
823 SAM SET COMMENT <NAME> <COMMENT>
825 Set the comment for a user or group account.
826 SAM SET FULLNAME <NAME> <FULL NAME>
828 Set the full name for a user account.
829 SAM SET LOGONSCRIPT <NAME> <SCRIPT>
831 Set the logon script for a user account.
832 SAM SET HOMEDRIVE <NAME> <DRIVE>
834 Set the home drive for a user account.
835 SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>
837 Set the workstations a user account is allowed to log in from.
838 SAM SET DISABLE <NAME>
840 Set the "disabled" flag for a user account.
841 SAM SET PWNOTREQ <NAME>
843 Set the "password not required" flag for a user account.
844 SAM SET AUTOLOCK <NAME>
846 Set the "autolock" flag for a user account.
847 SAM SET PWNOEXP <NAME>
849 Set the "password do not expire" flag for a user account.
850 SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]
852 Set or unset the "password must change" flag for a user account.
853 SAM POLICY LIST
855 List the available account policies.
856 SAM POLICY SHOW <account policy>
858 Show the account policy value.
859 SAM POLICY SET <account policy> <value>
861 Set a value for the account policy. Valid values can be: "forever",
862 "never", "off", or a number.
863 SAM PROVISION
865 Only available if ldapsam:editposix is set and winbindd is running.
866 Properly populates the ldap tree with the basic accounts
867 (Administrator) and groups (Domain Users, Domain Admins, Domain Guests)
868 on the ldap tree.
869 IDMAP DUMP <local tdb file name>
871 Dumps the mappings contained in the local tdb file specified. This
872 command is useful to dump only the mappings produced by the idmap_tdb
873 backend.
874 IDMAP RESTORE [input file]
876 Restore the mappings from the specified file or stdin.
877 IDMAP SET SECRET <DOMAIN> <secret>
879 Store a secret for the specified domain, used primarily for domains
880 that use idmap_ldap as a backend. In this case the secret is used as
881 the password for the user DN used to bind to the ldap server.
882 IDMAP SET RANGE <RANGE> <SID> [index] [--db=<DB>]
884 Store a domain-range mapping for a given domain (and index) in autorid
885 database.
886 IDMAP SET CONFIG <config> [--db=<DB>]
888 Update CONFIG entry in autorid database.
889 IDMAP GET RANGE <SID> [index] [--db=<DB>]
891 Get the range for a given domain and index from autorid database.
892 IDMAP GET RANGES [<SID>] [--db=<DB>]
894 Get ranges for all domains or for one identified by given SID.
895 IDMAP GET CONFIG [--db=<DB>]
897 Get CONFIG entry from autorid database.
898 IDMAP DELETE MAPPING [-f] [--db=<DB>] <ID>
900 Delete a mapping sid <-> gid or sid <-> uid from the IDMAP database.
901 The mapping is given by <ID> which may either be a sid: S-x-..., a gid:
902 "GID number" or a uid: "UID number". Use -f to delete an invalid
903 partial mapping <ID> -> xx
904 Use "smbcontrol all idmap ..." to notify running smbd instances. See
906 the smbcontrol(1) manpage for details.
907 IDMAP DELETE RANGE [-f] [--db=<TDB>] <RANGE>|(<SID> [<INDEX>])
909 Delete a domain range mapping identified by 'RANGE' or "domain SID and
910 INDEX" from autorid database. Use -f to delete invalid mappings.
911 IDMAP DELETE RANGES [-f] [--db=<TDB>] <SID>
913 Delete all domain range mappings for a domain identified by SID. Use -f
914 to delete invalid mappings.
915 IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=<DB>]
917 Check and repair the IDMAP database. If no option is given a read only
918 check of the database is done. Among others an interactive or automatic
919 repair mode may be chosen with one of the following options:
920 -r|--repair
922 Interactive repair mode, ask a lot of questions.
923 -a|--auto
925 Noninteractive repair mode, use default answers.
926 -v|--verbose
928 Produce more output.
929 -f|--force
931 Try to apply changes, even if they do not apply cleanly.
932 -T|--test
934 Dry run, show what changes would be made but don't touch anything.
935 -l|--lock
937 Lock the database while doing the check.
938 --db <DB>
940 Check the specified database.
941 It reports about the finding of the following errors:
943 Missing reverse mapping:
945 A record with mapping A->B where there is no B->A. Default action
946 in repair mode is to "fix" this by adding the reverse mapping.
947 Invalid mapping:
949 A record with mapping A->B where B->C. Default action is to
950 "delete" this record.
951 Missing or invalid HWM:
953 A high water mark is not at least equal to the largest ID in the
954 database. Default action is to "fix" this by setting it to the
955 largest ID found +1.
956 Invalid record:
958 Something we failed to parse. Default action is to "edit" it in
959 interactive and "delete" it in automatic mode.
960 USERSHARE
962 Starting with version 3.0.23, a Samba server now supports the ability
963 for non-root users to add user defined shares to be exported using the
964 "net usershare" commands.
965 To set this up, first set up your smb.conf by adding to the [global]
967 section: usershare path = /usr/local/samba/lib/usershares Next create
968 the directory /usr/local/samba/lib/usershares, change the owner to root
969 and set the group owner to the UNIX group who should have the ability
970 to create usershares, for example a group called "serverops". Set the
971 permissions on /usr/local/samba/lib/usershares to 01770. (Owner and
972 group all access, no access for others, plus the sticky bit, which
973 means that a file in that directory can be renamed or deleted only by
974 the owner of the file). Finally, tell smbd how many usershares you will
975 allow by adding to the [global] section of smb.conf a line such as :
976 usershare max shares = 100. To allow 100 usershare definitions. Now,
977 members of the UNIX group "serverops" can create user defined shares on
978 demand using the commands below.
979 The usershare commands are:
981 net usershare add sharename path [comment [acl] [guest_ok=[y|n]]] -
982 to add or change a user defined share.
983 net usershare delete sharename - to delete a user defined share.
984 net usershare info [-l|--long] [wildcard sharename] - to print info
985 about a user defined share.
986 net usershare list [-l|--long] [wildcard sharename] - to list user
987 defined shares.
988 USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]
990 Add or replace a new user defined share, with name "sharename".
991 "path" specifies the absolute pathname on the system to be exported.
993 Restrictions may be put on this, see the global smb.conf parameters:
994 "usershare owner only", "usershare prefix allow list", and "usershare
995 prefix deny list".
996 The optional "comment" parameter is the comment that will appear on the
998 share when browsed to by a client.
999 The optional "acl" field specifies which users have read and write
1001 access to the entire share. Note that guest connections are not allowed
1002 unless the smb.conf parameter "usershare allow guests" has been set.
1003 The definition of a user defined share acl is: "user:permission", where
1004 user is a valid username on the system and permission can be "F", "R",
1005 or "D". "F" stands for "full permissions", ie. read and write
1006 permissions. "D" stands for "deny" for a user, ie. prevent this user
1007 from accessing this share. "R" stands for "read only", ie. only allow
1008 read access to this share (no creation of new files or directories or
1009 writing to files).
1010 The default if no "acl" is given is "Everyone:R", which means any
1012 authenticated user has read-only access.
1013 The optional "guest_ok" has the same effect as the parameter of the
1015 same name in smb.conf, in that it allows guest access to this user
1016 defined share. This parameter is only allowed if the global parameter
1017 "usershare allow guests" has been set to true in the smb.conf.
1018 There is no separate command to modify an existing user defined share,
1021 just use the "net usershare add [sharename]" command using the same
1022 sharename as the one you wish to modify and specify the new options you
1023 wish. The Samba smbd daemon notices user defined share modifications at
1024 connect time so will see the change immediately, there is no need to
1025 restart smbd on adding, deleting or changing a user defined share.
1026 USERSHARE DELETE sharename
1028 Deletes the user defined share by name. The Samba smbd daemon
1029 immediately notices this change, although it will not disconnect any
1030 users currently connected to the deleted share.
1031 USERSHARE INFO [-l|--long] [wildcard sharename]
1033 Get info on user defined shares owned by the current user matching the
1034 given pattern, or all users.
1035 net usershare info on its own dumps out info on the user defined shares
1037 that were created by the current user, or restricts them to share names
1038 that match the given wildcard pattern ('*' matches one or more
1039 characters, '?' matches only one character). If the '-l' or '--long'
1040 option is also given, it prints out info on user defined shares created
1041 by other users.
1042 The information given about a share looks like: [foobar]
1044 path=/home/jeremy comment=testme usershare_acl=Everyone:F guest_ok=n
1045 And is a list of the current settings of the user defined share that
1046 can be modified by the "net usershare add" command.
1047 USERSHARE LIST [-l|--long] wildcard sharename
1049 List all the user defined shares owned by the current user matching the
1050 given pattern, or all users.
1051 net usershare list on its own list out the names of the user defined
1053 shares that were created by the current user, or restricts the list to
1054 share names that match the given wildcard pattern ('*' matches one or
1055 more characters, '?' matches only one character). If the '-l' or
1056 '--long' option is also given, it includes the names of user defined
1057 shares created by other users.
1058 [RPC] CONF
1060 Starting with version 3.2.0, a Samba server can be configured by data
1061 stored in registry. This configuration data can be edited with the new
1062 "net conf" commands. There is also the possibility to configure a
1063 remote Samba server by enabling the RPC conf mode and specifying the
1064 address of the remote server.
1065 The deployment of this configuration data can be activated in two
1067 levels from the smb.conf file: Share definitions from registry are
1068 activated by setting registry shares to “yes” in the [global] section
1069 and global configuration options are activated by setting include =
1070 registry in the [global] section for a mixed configuration or by
1071 setting config backend = registry in the [global] section for a
1072 registry-only configuration. See the smb.conf(5) manpage for details.
1073 The conf commands are:
1075 net [rpc] conf list - Dump the complete configuration in smb.conf
1076 like format.
1077 net [rpc] conf import - Import configuration from file in smb.conf
1078 format.
1079 net [rpc] conf listshares - List the registry shares.
1080 net [rpc] conf drop - Delete the complete configuration from
1081 registry.
1082 net [rpc] conf showshare - Show the definition of a registry share.
1083 net [rpc] conf addshare - Create a new registry share.
1084 net [rpc] conf delshare - Delete a registry share.
1085 net [rpc] conf setparm - Store a parameter.
1086 net [rpc] conf getparm - Retrieve the value of a parameter.
1087 net [rpc] conf delparm - Delete a parameter.
1088 net [rpc] conf getincludes - Show the includes of a share
1089 definition.
1090 net [rpc] conf setincludes - Set includes for a share.
1091 net [rpc] conf delincludes - Delete includes from a share
1092 definition.
1093 [RPC] CONF LIST
1095 Print the configuration data stored in the registry in a smb.conf-like
1096 format to standard output.
1097 [RPC] CONF IMPORT [--test|-T] filename [section]
1099 This command imports configuration from a file in smb.conf format. If a
1100 section encountered in the input file is present in registry, its
1101 contents is replaced. Sections of registry configuration that have no
1102 counterpart in the input file are not affected. If you want to delete
1103 these, you will have to use the "net conf drop" or "net conf delshare"
1104 commands. Optionally, a section may be specified to restrict the effect
1105 of the import command to that specific section. A test mode is enabled
1106 by specifying the parameter "-T" on the commandline. In test mode, no
1107 changes are made to the registry, and the resulting configuration is
1108 printed to standard output instead.
1109 [RPC] CONF LISTSHARES
1111 List the names of the shares defined in registry.
1112 [RPC] CONF DROP
1114 Delete the complete configuration data from registry.
1115 [RPC] CONF SHOWSHARE sharename
1117 Show the definition of the share or section specified. It is valid to
1118 specify "global" as sharename to retrieve the global configuration
1119 options from registry.
1120 [RPC] CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N}
1122 [comment]]]
1123 Create a new share definition in registry. The sharename and path have
1124 to be given. The share name may not be "global". Optionally, values for
1125 the very common options "writeable", "guest ok" and a "comment" may be
1126 specified. The same result may be obtained by a sequence of "net conf
1127 setparm" commands.
1128 [RPC] CONF DELSHARE sharename
1130 Delete a share definition from registry.
1131 [RPC] CONF SETPARM section parameter value
1133 Store a parameter in registry. The section may be global or a
1134 sharename. The section is created if it does not exist yet.
1135 [RPC] CONF GETPARM section parameter
1137 Show a parameter stored in registry.
1138 [RPC] CONF DELPARM section parameter
1140 Delete a parameter stored in registry.
1141 [RPC] CONF GETINCLUDES section
1143 Get the list of includes for the provided section (global or share).
1144 Note that due to the nature of the registry database and the nature of
1146 include directives, the includes need special treatment: Parameters are
1147 stored in registry by the parameter name as valuename, so there is only
1148 ever one instance of a parameter per share. Also, a specific order like
1149 in a text file is not guaranteed. For all real parameters, this is
1150 perfectly ok, but the include directive is rather a meta parameter, for
1151 which, in the smb.conf text file, the place where it is specified
1152 between the other parameters is very important. This can not be
1153 achieved by the simple registry smbconf data model, so there is one
1154 ordered list of includes per share, and this list is evaluated after
1155 all the parameters of the share.
1156 Further note that currently, only files can be included from registry
1158 configuration. In the future, there will be the ability to include
1159 configuration data from other registry keys.
1160 [RPC] CONF SETINCLUDES section [filename]+
1162 Set the list of includes for the provided section (global or share) to
1163 the given list of one or more filenames. The filenames may contain the
1164 usual smb.conf macros like %I.
1165 [RPC] CONF DELINCLUDES section
1167 Delete the list of includes from the provided section (global or
1168 share).
1169 REGISTRY
1171 Manipulate Samba's registry.
1172 The registry commands are:
1174 net registry enumerate - Enumerate registry keys and values.
1175 net registry enumerate_recursive - Enumerate registry key and its
1176 subkeys.
1177 net registry createkey - Create a new registry key.
1178 net registry deletekey - Delete a registry key.
1179 net registry deletekey_recursive - Delete a registry key with
1180 subkeys.
1181 net registry getvalue - Print a registry value.
1182 net registry getvalueraw - Print a registry value (raw format).
1183 net registry setvalue - Set a new registry value.
1184 net registry increment - Increment a DWORD registry value under a
1185 lock.
1186 net registry deletevalue - Delete a registry value.
1187 net registry getsd - Get security descriptor.
1188 net registry getsd_sdd1 - Get security descriptor in sddl format.
1189 net registry setsd_sdd1 - Set security descriptor from sddl format
1190 string.
1191 net registry import - Import a registration entries (.reg)
1192 file.
1193 net registry export - Export a registration entries (.reg)
1194 file.
1195 net registry convert - Convert a registration entries (.reg)
1196 file.
1197 net registry check - Check and repair a registry database.
1198 REGISTRY ENUMERATE key
1200 Enumerate subkeys and values of key.
1201 REGISTRY ENUMERATE_RECURSIVE key
1203 Enumerate values of key and its subkeys.
1204 REGISTRY CREATEKEY key
1206 Create a new key if not yet existing.
1207 REGISTRY DELETEKEY key
1209 Delete the given key and its values from the registry, if it has no
1210 subkeys.
1211 REGISTRY DELETEKEY_RECURSIVE key
1213 Delete the given key and all of its subkeys and values from the
1214 registry.
1215 REGISTRY GETVALUE key name
1217 Output type and actual value of the value name of the given key.
1218 REGISTRY GETVALUERAW key name
1220 Output the actual value of the value name of the given key.
1221 REGISTRY SETVALUE key name type value ...
1223 Set the value name of an existing key. type may be one of sz, multi_sz
1224 or dword. In case of multi_szvalue may be given multiple times.
1225 REGISTRY INCREMENT key name [inc]
1227 Increment the DWORD value name of key by inc while holding a g_lock.
1228 inc defaults to 1.
1229 REGISTRY DELETEVALUE key name
1231 Delete the value name of the given key.
1232 REGISTRY GETSD key
1234 Get the security descriptor of the given key.
1235 REGISTRY GETSD_SDDL key
1237 Get the security descriptor of the given key as a Security Descriptor
1238 Definition Language (SDDL) string.
1239 REGISTRY SETSD_SDDL keysd
1241 Set the security descriptor of the given key from a Security Descriptor
1242 Definition Language (SDDL) string sd.
1243 REGISTRY IMPORT file [--precheck <check-file>] [opt]
1245 Import a registration entries (.reg) file.
1246 The following options are available:
1248 --precheck check-file
1250 This is a mechanism to check the existence or non-existence of
1251 certain keys or values specified in a precheck file before applying
1252 the import file. The import file will only be applied if the
1253 precheck succeeds.
1254 The check-file follows the normal registry file syntax with the
1256 following semantics:
1257 · <value name>=<value> checks whether the value exists and
1259 has the given value.
1260 · <value name>=- checks whether the value does not exist.
1262 · [key] checks whether the key exists.
1264 · [-key] checks whether the key does not exist.
1266 REGISTRY EXPORT keyfile[opt]
1269 Export a key to a registration entries (.reg) file.
1270 REGISTRY CONVERT in out [[inopt] outopt]
1272 Convert a registration entries (.reg) file in.
1273 REGISTRY CHECK [-ravTl] [-o <ODB>] [--wipe] [<DB>]
1275 Check and repair the registry database. If no option is given a read
1276 only check of the database is done. Among others an interactive or
1277 automatic repair mode may be chosen with one of the following options
1278 -r|--repair
1280 Interactive repair mode, ask a lot of questions.
1281 -a|--auto
1283 Noninteractive repair mode, use default answers.
1284 -v|--verbose
1286 Produce more output.
1287 -T|--test
1289 Dry run, show what changes would be made but don't touch anything.
1290 -l|--lock
1292 Lock the database while doing the check.
1293 --reg-version={1,2,3}
1295 Specify the format of the registry database. If not given it
1296 defaults to the value of the binary or, if an registry.tdb is
1297 explizitly stated at the commandline, to the value found in the
1298 INFO/version record.
1299 [--db] <DB>
1301 Check the specified database.
1302 -o|--output <ODB>
1304 Create a new registry database <ODB> instead of modifying the
1305 input. If <ODB> is already existing --wipe may be used to overwrite
1306 it.
1307 --wipe
1309 Replace the registry database instead of modifying the input or
1310 overwrite an existing output database.
1311 EVENTLOG
1313 Starting with version 3.4.0 net can read, dump, import and export
1314 native win32 eventlog files (usually *.evt). evt files are used by the
1315 native Windows eventviewer tools.
1316 The import and export of evt files can only succeed when eventlog list
1318 is used in smb.conf file. See the smb.conf(5) manpage for details.
1319 The eventlog commands are:
1321 net eventlog dump - Dump a eventlog *.evt file on the screen.
1322 net eventlog import - Import a eventlog *.evt into the samba
1323 internal tdb based representation of eventlogs.
1324 net eventlog export - Export the samba internal tdb based
1325 representation of eventlogs into an eventlog *.evt file.
1326 EVENTLOG DUMP filename
1328 Prints a eventlog *.evt file to standard output.
1329 EVENTLOG IMPORT filename eventlog
1331 Imports a eventlog *.evt file defined by filename into the samba
1332 internal tdb representation of eventlog defined by eventlog. eventlog
1333 needs to part of the eventlog list defined in smb.conf. See the
1334 smb.conf(5) manpage for details.
1335 EVENTLOG EXPORT filename eventlog
1337 Exports the samba internal tdb representation of eventlog defined by
1338 eventlog to a eventlog *.evt file defined by filename. eventlog needs
1339 to part of the eventlog list defined in smb.conf. See the smb.conf(5)
1340 manpage for details.
1341 DOM
1343 Starting with version 3.2.0 Samba has support for remote join and
1344 unjoin APIs, both client and server-side. Windows supports remote join
1345 capabilities since Windows 2000.
1346 In order for Samba to be joined or unjoined remotely an account must be
1348 used that is either member of the Domain Admins group, a member of the
1349 local Administrators group or a user that is granted the
1350 SeMachineAccountPrivilege privilege.
1351 The client side support for remote join is implemented in the net dom
1353 commands which are:
1354 net dom join - Join a remote computer into a domain.
1355 net dom unjoin - Unjoin a remote computer from a domain.
1356 net dom renamecomputer - Renames a remote computer joined to a
1357 domain.
1358 DOM JOIN domain=DOMAIN ou=OU account=ACCOUNT password=PASSWORD reboot
1360 Joins a computer into a domain. This command supports the following
1361 additional parameters:
1362 · DOMAIN can be a NetBIOS domain name (also known as short
1364 domain name) or a DNS domain name for Active Directory
1365 Domains. As in Windows, it is also possible to control which
1366 Domain Controller to use. This can be achieved by appending
1367 the DC name using the \ separator character. Example:
1368 MYDOM\MYDC. The DOMAIN parameter cannot be NULL.
1369 · OU can be set to a RFC 1779 LDAP DN, like
1371 ou=mymachines,cn=Users,dc=example,dc=com in order to create
1372 the machine account in a non-default LDAP container. This
1373 optional parameter is only supported when joining Active
1374 Directory Domains.
1375 · ACCOUNT defines a domain account that will be used to join
1377 the machine to the domain. This domain account needs to have
1378 sufficient privileges to join machines.
1379 · PASSWORD defines the password for the domain account defined
1381 with ACCOUNT.
1382 · REBOOT is an optional parameter that can be set to reboot
1384 the remote machine after successful join to the domain.
1385 Note that you also need to use standard net parameters to connect and
1388 authenticate to the remote machine that you want to join. These
1389 additional parameters include: -S computer and -U user.
1390 Example: net dom join -S xp -U XP\\administrator%secret domain=MYDOM
1392 account=MYDOM\\administrator password=topsecret reboot.
1393 This example would connect to a computer named XP as the local
1395 administrator using password secret, and join the computer into a
1396 domain called MYDOM using the MYDOM domain administrator account and
1397 password topsecret. After successful join, the computer would reboot.
1398 DOM UNJOIN account=ACCOUNT password=PASSWORD reboot
1400 Unjoins a computer from a domain. This command supports the following
1401 additional parameters:
1402 · ACCOUNT defines a domain account that will be used to unjoin
1404 the machine from the domain. This domain account needs to
1405 have sufficient privileges to unjoin machines.
1406 · PASSWORD defines the password for the domain account defined
1408 with ACCOUNT.
1409 · REBOOT is an optional parameter that can be set to reboot
1411 the remote machine after successful unjoin from the domain.
1412 Note that you also need to use standard net parameters to connect and
1415 authenticate to the remote machine that you want to unjoin. These
1416 additional parameters include: -S computer and -U user.
1417 Example: net dom unjoin -S xp -U XP\\administrator%secret
1419 account=MYDOM\\administrator password=topsecret reboot.
1420 This example would connect to a computer named XP as the local
1422 administrator using password secret, and unjoin the computer from the
1423 domain using the MYDOM domain administrator account and password
1424 topsecret. After successful unjoin, the computer would reboot.
1425 DOM RENAMECOMPUTER newname=NEWNAME account=ACCOUNT password=PASSWORD reboot
1427 Renames a computer that is joined to a domain. This command supports
1428 the following additional parameters:
1429 · NEWNAME defines the new name of the machine in the domain.
1431 · ACCOUNT defines a domain account that will be used to rename
1433 the machine in the domain. This domain account needs to have
1434 sufficient privileges to rename machines.
1435 · PASSWORD defines the password for the domain account defined
1437 with ACCOUNT.
1438 · REBOOT is an optional parameter that can be set to reboot
1440 the remote machine after successful rename in the domain.
1441 Note that you also need to use standard net parameters to connect and
1444 authenticate to the remote machine that you want to rename in the
1445 domain. These additional parameters include: -S computer and -U user.
1446 Example: net dom renamecomputer -S xp -U XP\\administrator%secret
1448 newname=XPNEW account=MYDOM\\administrator password=topsecret reboot.
1449 This example would connect to a computer named XP as the local
1451 administrator using password secret, and rename the joined computer to
1452 XPNEW using the MYDOM domain administrator account and password
1453 topsecret. After successful rename, the computer would reboot.
1454 G_LOCK
1456 Manage global locks.
1457 G_LOCK DO lockname timeout command
1459 Execute a shell command under a global lock. This might be useful to
1460 define the order in which several shell commands will be executed. The
1461 locking information is stored in a file called g_lock.tdb. In setups
1462 with CTDB running, the locking information will be available on all
1463 cluster nodes.
1464 · LOCKNAME defines the name of the global lock.
1466 · TIMEOUT defines the timeout.
1468 · COMMAND defines the shell command to execute.
1470 G_LOCK LOCKS
1472 Print a list of all currently existing locknames.
1473 G_LOCK DUMP lockname
1475 Dump the locking table of a certain global lock.
1476 TDB
1478 Print information from tdb records.
1479 TDB LOCKING key [DUMP]
1481 List sharename, filename and number of share modes for a record from
1482 locking.tdb. With the optional DUMP options, dump the complete record.
1483 · KEY Key of the tdb record as hex string.
1485 HELP [COMMAND]
1487 Gives usage information for the specified command.
1488
1490 This man page is complete for version 3 of the Samba suite.
1491
1493 The original Samba software and related utilities were created by
1494 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
1495 Source project similar to the way the Linux kernel is developed.
1496 The net manpage was written by Jelmer Vernooij.
1498Samba 4.8.3 10/30/2018 NET(8)