NET(8) System Administration tools NET(8)

net - Tool for administration of Samba and remote CIFS servers.

net {<ads|rap|rpc>} [-h|--help] [-w|--workgroup workgroup]
[-W|--myworkgroup myworkgroup] [-U|--user user]
[-I|--ipaddress ip-address] [-p|--port port] [-n myname] [-s conffile]
[-S|--server server] [-l|--long] [-v|--verbose] [-f|--force]
[-P|--machine-pass] [-d debuglevel] [-V] [--request-timeout seconds]
[-t|--timeout seconds] [-i|--stdin] [--tallocreport]

This tool is part of the samba(7) suite.

The Samba net utility is meant to work just like the net utility
available for Windows and DOS. The first argument should be used to
specify the protocol to use when executing a certain command. ADS is
used for Active Directory, RAP is used for old (Win9x/NT3) clients and
RPC can be used for NT4 and Windows 2000. If this argument is omitted,
net will try to determine it automatically. Not all commands are
available on all protocols.

-?|--help
Print a summary of command line options.

-k|--kerberos
Try to authenticate with Kerberos. Only useful in an Active
Directory environment.

-w|--workgroup target-workgroup
Sets target workgroup or domain. You have to specify either this
option or the IP address or the name of a server.

-W|--myworkgroup workgroup
Sets client workgroup or domain.

-U|--user user
User name to use.

-I|--ipaddress ip-address
IP address of target server to use. You have to specify either this
option or a target workgroup or a target server.

-p|--port port
Port on the target server to connect to (usually 139 or 445).
Defaults to trying 445 first, then 139.

-n|--netbiosname <primary NetBIOS name>
This option allows you to override the NetBIOS name that Samba uses
for itself. This is identical to setting the netbios name parameter
in the smb.conf file. However, a command line setting will take
precedence over settings in smb.conf.

-s|--configfile=<configuration file>
The file specified contains the configuration details required by
the server. The information in this file includes server-specific
information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide. See
smb.conf for more information. The default configuration file name
is determined at compile time.

-S|--server server
Name of target server. You should specify either this option or a
target workgroup or a target IP address.

-l|--long
When listing data, give more information on each item.

-v|--verbose
When listing data, give more verbose information on each item.

-f|--force
Force a net command.

-P|--machine-pass
Make queries to the external server using the machine account of
the local server.

--request-timeout 30
Let client requests time out after 30 seconds. The default is 10
seconds.

-t|--timeout 30
Set timeout for client operations to 30 seconds.

--use-ccache
Try to use the credentials cached by winbind.

-i|--stdin
Take input for net commands from standard input.

--tallocreport
Generate a talloc report while processing a net command.

-T|--test
Only test command sequence, dry-run.

-F|--flags FLAGS
Pass down integer flags to a net subcommand.

-C|--comment COMMENT
Pass down a comment string to a net subcommand.

-n|--myname MYNAME
Use MYNAME as a requester name for a net subcommand.

-c|--container CONTAINER
Use a specific AD container for net ads operations.

-M|--maxusers MAXUSERS
Fill in the maxusers field in net rpc share operations.

-r|--reboot
Reboot a remote machine after a command has been successfully
executed (e.g. in remote join operations).

--force-full-repl
When calling "net rpc vampire keytab" this option enforces a full
re-creation of the generated keytab file.

--single-obj-repl
When calling "net rpc vampire keytab" this option allows replicating
just a single object to the generated keytab file.

--clean-old-entries
When calling "net rpc vampire keytab" this option allows cleaning up
old entries from the generated keytab file.

--db
Define dbfile for "net idmap" commands.

--lock
Activates locking of the dbfile for "net idmap check" command.

-a|--auto
Activates noninteractive mode in "net idmap check".

--repair
Activates repair mode in "net idmap check".

--acls
Includes ACLs to be copied in "net rpc share migrate".

--attrs
Includes file attributes to be copied in "net rpc share migrate".

--timestamps
Includes timestamps to be copied in "net rpc share migrate".

-X|--exclude DIRECTORY
Excludes directories when copying with "net rpc share migrate".

--destination SERVERNAME
Defines the target servername of migration process (defaults to
localhost).

-L|--local
Sets the type of group mapping to local (used in "net groupmap
set").

-D|--domain
Sets the type of group mapping to domain (used in "net groupmap
set").

-N|--ntname NTNAME
Sets the ntname of a group mapping (used in "net groupmap set").

-R|--rid RID
Sets the rid of a group mapping (used in "net groupmap set").

--reg-version REG_VERSION
Assume database version {n|1,2,3} (used in "net registry check").

-o|--output FILENAME
Output database file (used in "net registry check").

--wipe
Create a new database from scratch (used in "net registry check").

--precheck PRECHECK_DB_FILENAME
Defines filename for database prechecking (used in "net registry
import").

-e|--encrypt
This command line parameter requires the remote server support the
UNIX extensions or that the SMB3 protocol has been selected.
Requests that the connection be encrypted. Negotiates SMB
encryption using either SMB3 or POSIX extensions via GSSAPI. Uses
the given credentials for the encryption negotiation (either
Kerberos or NTLMv1/v2 if given a domain/username/password triple).
Fails the connection if encryption cannot be negotiated.

-d|--debuglevel=level
level is an integer from 0 to 10. The default value if this
parameter is not specified is 1.

The higher this value, the more detail will be logged to the log
files about the activities of the server. At level 0, only critical
errors and serious warnings will be logged. Level 1 is a reasonable
level for day-to-day running - it generates a small amount of
information about operations carried out.

Levels above 1 will generate considerable amounts of log data, and
should only be used when investigating a problem. Levels above 3
are designed for use only by developers and generate HUGE amounts
of log data, most of which is extremely cryptic.

Note that specifying this parameter here will override the log
level parameter in the smb.conf file.

-V|--version
Prints the program version number.

-l|--log-basename=logdirectory
Base directory name for log/debug files. The extension ".progname"
will be appended (e.g. log.smbclient, log.smbd, etc...). The log
file is never removed by the client.

--option=<name>=<value>
Set the smb.conf(5) option "<name>" to value "<value>" from the
command line. This overrides compiled-in defaults and options read
from the configuration file.

CHANGESECRETPW
This command allows the Samba machine account password to be set from
an external application to a machine account password that has already
been stored in Active Directory. DO NOT USE this command unless you
know exactly what you are doing. The use of this command requires that
the force flag (-f) be used also. There will be NO command prompt.
Whatever information is piped into stdin, either by typing at the
command line or otherwise, will be stored as the literal machine
password. Do NOT use this without care and attention as it will
overwrite a legitimate machine password without warning. YOU HAVE BEEN
WARNED.

TIME
The NET TIME command allows you to view the time on a remote server or
synchronise the time on the local server with the time on the remote
server.

TIME
Without any options, the NET TIME command displays the time on the
remote server. The remote server must be specified with the -S option.

TIME SYSTEM
Displays the time on the remote server in a format ready for /bin/date.
The remote server must be specified with the -S option.

TIME SET
Tries to set the date and time of the local server to that on the
remote server using /bin/date. The remote server must be specified with
the -S option.

TIME ZONE
Displays the timezone in hours from GMT on the remote server. The
remote server must be specified with the -S option.

[RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN]
[createcomputer=OU] [machinepass=PASS] [osName=string osVer=string]
[options]
Join a domain. If the account already exists on the server, and [TYPE]
is MEMBER, the machine will attempt to join automatically (assuming
that the machine has been created in server manager). Otherwise, a
password will be prompted for, and a new account may be created.

[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining
the domain.

[UPN] (ADS only) Set the principalname attribute during the join. The
default format is host/netbiosname@REALM.

[OU] (ADS only) Precreate the computer account in a specific OU. The OU
string reads from top to bottom without RDNs, and is delimited by a
'/'. Please note that '\' is used for escape by both the shell and
ldap, so it may need to be doubled or quadrupled to pass through, and
it is not used as a delimiter.

[PASS] (ADS only) Set a specific password on the computer account being
created by the join.

[osName=string osVer=String] (ADS only) Set the operatingSystem and
operatingSystemVersion attribute during the join. Both parameters must
be specified for either to take effect.

[RPC] OLDJOIN [options]
Join a domain. Use the OLDJOIN option to join the domain using the old
style of domain joining - you need to create a trust account in server
manager first.

[RPC|ADS] USER
[RPC|ADS] USER
List all users.

[RPC|ADS] USER DELETE target
Delete specified user.

[RPC|ADS] USER INFO target
List the domain groups of the specified user.

[RPC|ADS] USER RENAME oldname newname
Rename specified user.

[RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]
Add specified user.

[RPC|ADS] GROUP
[RPC|ADS] GROUP [misc options] [targets]
List user groups.

[RPC|ADS] GROUP DELETE name [misc. options]
Delete specified group.

[RPC|ADS] GROUP ADD name [-C comment]
Create specified group.

[RAP|RPC] SHARE
[RAP|RPC] SHARE [misc. options] [targets]
Enumerates all exported resources (network shares) on target server.

[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
Adds a share from a server (makes the export active). Maxusers
specifies the number of users that can be connected to the share
simultaneously.

SHARE DELETE sharename
Delete specified share.

[RPC|RAP] FILE
[RPC|RAP] FILE
List all open files on remote server.

[RPC|RAP] FILE CLOSE fileid
Close file with specified fileid on remote server.

[RPC|RAP] FILE INFO fileid
Print information on specified fileid. Currently listed are: file-id,
username, locks, path, permissions.

[RAP|RPC] FILE USER user
List files opened by specified user. Please note that net rap file user
does not work against Samba servers.

SESSION
RAP SESSION
Without any other options, SESSION enumerates all active SMB/CIFS
sessions on the target server.

RAP SESSION DELETE|CLOSE CLIENT_NAME
Close the specified sessions.

RAP SESSION INFO CLIENT_NAME
Give a list with all the open files in specified session.

RAP SERVER DOMAIN
List all servers in specified domain or workgroup. Defaults to local
domain.

RAP DOMAIN
Lists all domains and workgroups visible on the current network.

RAP PRINTQ
RAP PRINTQ INFO QUEUE_NAME
Lists the specified print queue and print jobs on the server. If the
QUEUE_NAME is omitted, all queues are listed.

RAP PRINTQ DELETE JOBID
Delete job with specified id.

RAP VALIDATE user [password]
Validate whether the specified user can log in to the remote server. If
the password is not specified on the command line, it will be prompted.

Note
Currently NOT implemented.

RAP GROUPMEMBER
RAP GROUPMEMBER LIST GROUP
List all members of the specified group.

RAP GROUPMEMBER DELETE GROUP USER
Delete member from group.

RAP GROUPMEMBER ADD GROUP USER
Add member to group.

RAP ADMIN command
Execute the specified command on the remote server. Only works with
OS/2 servers.

Note
Currently NOT implemented.

RAP SERVICE
RAP SERVICE START NAME [arguments...]
Start the specified service on the remote server. Not implemented yet.

Note
Currently NOT implemented.

RAP SERVICE STOP
Stop the specified service on the remote server.

Note
Currently NOT implemented.

RAP PASSWORD USER OLDPASS NEWPASS
Change password of USER from OLDPASS to NEWPASS.

LOOKUP
LOOKUP HOST HOSTNAME [TYPE]
Lookup the IP address of the given host with the specified type
(netbios suffix). The type defaults to 0x20 (workstation).

LOOKUP LDAP [DOMAIN]
Give IP address of LDAP server of specified DOMAIN. Defaults to local
domain.

LOOKUP KDC [REALM]
Give IP address of KDC for the specified REALM. Defaults to local
realm.

LOOKUP DC [DOMAIN]
Give IPs of Domain Controllers for specified
DOMAIN. Defaults to local domain.

LOOKUP MASTER DOMAIN
Give IP of master browser for specified DOMAIN or workgroup. Defaults
to local domain.

CACHE
Samba uses a general caching interface called 'gencache'. It can be
controlled using 'NET CACHE'.

All the timeout parameters support the suffixes:
s - Seconds
m - Minutes
h - Hours
d - Days
w - Weeks

CACHE ADD key data time-out
Add specified key+data to the cache with the given timeout.

CACHE DEL key
Delete key from the cache.

CACHE SET key data time-out
Update data of existing cache entry.

CACHE SEARCH PATTERN
Search for the specified pattern in the cache data.

CACHE LIST
List all current items in the cache.

CACHE FLUSH
Remove all the current items from the cache.

GETLOCALSID [DOMAIN]
Prints the SID of the specified domain, or if the parameter is omitted,
the SID of the local server.

SETLOCALSID S-1-5-21-x-y-z
Sets SID for the local server to the specified SID.

GETDOMAINSID
Prints the local machine SID and the SID of the current domain.

SETDOMAINSID
Sets the SID of the current domain.

GROUPMAP
Manage the mappings between Windows group SIDs and UNIX groups. Common
options include:

· unixgroup - Name of the UNIX group
· ntgroup - Name of the Windows NT group (must be resolvable to a SID)
· rid - Unsigned 32-bit integer
· sid - Full SID in the form of "S-1-..."
· type - Type of the group; either 'domain', 'local', or 'builtin'
· comment - Freeform text description of the group

GROUPMAP ADD
Add a new group mapping entry:

net groupmap add {rid=int|sid=string} unixgroup=string \
[type={domain|local}] [ntgroup=string] [comment=string]

GROUPMAP DELETE
Delete a group mapping entry. If more than one group name matches, the
first entry found is deleted.

net groupmap delete {ntgroup=string|sid=SID}

GROUPMAP MODIFY
Update an existing group entry.

net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
[comment=string] [type={domain|local}]

GROUPMAP LIST
List existing group mapping entries.

net groupmap list [verbose] [ntgroup=string] [sid=SID]

MAXRID
Prints out the highest RID currently in use on the local server (by the
active 'passdb backend').

RPC INFO
Print information about the domain of the remote server, such as domain
name, domain sid and number of users and groups.

[RPC|ADS] TESTJOIN
Check whether participation in a domain is still valid.

[RPC|ADS] CHANGETRUSTPW
Force change of domain trust password.

RPC TRUSTDOM
RPC TRUSTDOM ADD DOMAIN
Add an interdomain trust account for DOMAIN. This is in fact a Samba
account named DOMAIN$ with the account flag 'I' (interdomain trust
account). This is required for incoming trusts to work. It makes Samba
be a trusted domain of the foreign (trusting) domain. Users of the
Samba domain will be made available in the foreign domain. If the
command is used against localhost it has the same effect as smbpasswd
-a -i DOMAIN. Please note that both commands expect an appropriate UNIX
account.

RPC TRUSTDOM DEL DOMAIN
Remove interdomain trust account for DOMAIN. If it is used against
localhost it has the same effect as smbpasswd -x DOMAIN$.

RPC TRUSTDOM ESTABLISH DOMAIN
Establish a trust relationship to a trusted domain. Interdomain account
must already be created on the remote PDC. This is required for
outgoing trusts to work. It makes Samba be a trusting domain of a
foreign (trusted) domain. Users of the foreign domain will be made
available in our domain. You'll need winbind and a working idmap config
to make them appear in your system.

RPC TRUSTDOM REVOKE DOMAIN
Abandon relationship to trusted domain.

RPC TRUSTDOM LIST
List all interdomain trust relationships.

RPC TRUST
RPC TRUST CREATE
Create a trust object by calling lsaCreateTrustedDomainEx2. This can be
done on a single server or on two servers at once with the possibility
to use a random trust password.

Options:

otherserver
Domain controller of the second domain

otheruser
Admin user in the second domain

otherdomainsid
SID of the second domain

other_netbios_domain
NetBIOS (short) name of the second domain

otherdomain
DNS (full) name of the second domain

trustpw
Trust password

Examples:

Create a trust object on srv1.dom1.dom for the domain dom2

net rpc trust create \
otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
other_netbios_domain=dom2 \
otherdomain=dom2.dom \
trustpw=12345678 \
-S srv1.dom1.dom

Create a trust relationship between dom1 and dom2

net rpc trust create \
otherserver=srv2.dom2.test \
otheruser=dom2adm \
-S srv1.dom1.dom

RPC TRUST DELETE
Delete a trust object by calling lsaDeleteTrustedDomain. This can be
done on a single server or on two servers at once.

Options:

otherserver
Domain controller of the second domain

otheruser
Admin user in the second domain

otherdomainsid
SID of the second domain

Examples:

Delete a trust object on srv1.dom1.dom for the domain dom2

net rpc trust delete \
otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
-S srv1.dom1.dom

Delete a trust relationship between dom1 and dom2

net rpc trust delete \
otherserver=srv2.dom2.test \
otheruser=dom2adm \
-S srv1.dom1.dom

RPC RIGHTS
This subcommand is used to view and manage Samba's rights assignments
(also referred to as privileges). There are three options currently
available: list, grant, and revoke. More details on Samba's privilege
model and its use can be found in the Samba-HOWTO-Collection.

RPC ABORTSHUTDOWN
Abort the shutdown of a remote server.

RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]
Shut down the remote server.

-r
Reboot after shutdown.

-f
Force shutting down all applications.

-t timeout
Timeout before system will be shut down. An interactive user of the
system can use this time to cancel the shutdown.

-C message
Display the specified message on the screen to announce the
shutdown.

RPC SAMDUMP
Print out sam database of remote server. You need to run this against
the PDC, from a Samba machine joined as a BDC.

RPC VAMPIRE
Export users, aliases and groups from remote server to local server.
You need to run this against the PDC, from a Samba machine joined as a
BDC. This vampire command cannot be used against an Active Directory,
only against an NT4 Domain Controller.

RPC VAMPIRE KEYTAB
Dump remote SAM database to local Kerberos keytab file.

RPC VAMPIRE LDIF
Dump remote SAM database to local LDIF file or standard output.

RPC GETSID
Fetch domain SID and store it in the local secrets.tdb (or
secrets.ntdb).

ADS LEAVE
Make the remote host leave the domain it is part of.

ADS STATUS
Print out status of machine account of the local machine in ADS. Prints
out quite some debug info. Aimed at developers; regular users should
use NET ADS TESTJOIN.

ADS PRINTER
ADS PRINTER INFO [PRINTER] [SERVER]
Lookup info for PRINTER on SERVER. The printer name defaults to "*",
the server name defaults to the local host.

ADS PRINTER PUBLISH PRINTER
Publish specified printer using ADS.

ADS PRINTER REMOVE PRINTER
Remove specified printer from ADS directory.

ADS SEARCH EXPRESSION ATTRIBUTES...
Perform a raw LDAP search on an ADS server and dump the results. The
expression is a standard LDAP search expression, and the attributes are
a list of LDAP fields to show in the results.

Example: net ads search '(objectCategory=group)' sAMAccountName

ADS DN DN (attributes)
Perform a raw LDAP search on an ADS server and dump the results. The DN
is a standard LDAP DN, and the attributes are a list of LDAP fields to
show in the result.

Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

ADS WORKGROUP
Print out workgroup name for specified kerberos realm.

ADS ENCTYPES
List, modify or delete the value of the "msDS-SupportedEncryptionTypes"
attribute of an account in AD.

This attribute controls which Kerberos encryption types are
used for the generation of initial and service tickets. The value
consists of an integer bitmask with the following values:

0x00000001 DES-CBC-CRC
0x00000002 DES-CBC-MD5
0x00000004 RC4-HMAC
0x00000008 AES128-CTS-HMAC-SHA1-96
0x00000010 AES256-CTS-HMAC-SHA1-96

ADS ENCTYPES LIST <ACCOUNTNAME>
List the value of the "msDS-SupportedEncryptionTypes" attribute of a
given account.

Example: net ads enctypes list Computername

ADS ENCTYPES SET <ACCOUNTNAME> [enctypes]
Set the value of the "msDS-SupportedEncryptionTypes" attribute of the
LDAP object of ACCOUNTNAME to a given value. If the value is omitted,
the value is set to 31 which enables all the currently supported
encryption types.

Example: net ads enctypes set Computername 24

ADS ENCTYPES DELETE <ACCOUNTNAME>
Deletes the "msDS-SupportedEncryptionTypes" attribute of the LDAP
object of ACCOUNTNAME.

Example: net ads enctypes delete Computername

SAM CREATEBUILTINGROUP <NAME>
(Re)Create a BUILTIN group. Only a well-known set of BUILTIN groups can
be created with this command. This is the list of currently recognized
group names: Administrators, Users, Guests, Power Users, Account
Operators, Server Operators, Print Operators, Backup Operators,
Replicator, RAS Servers, Pre-Windows 2000 compatible Access. This
command requires a running Winbindd with idmap allocation properly
configured. The group gid will be allocated out of the winbindd range.

SAM CREATELOCALGROUP <NAME>
Create a LOCAL group (also known as Alias). This command requires a
running Winbindd with idmap allocation properly configured. The group
gid will be allocated out of the winbindd range.

SAM DELETELOCALGROUP <NAME>
Delete an existing LOCAL group (also known as Alias).

SAM MAPUNIXGROUP <NAME>
Map an existing Unix group and make it a Domain Group; the domain group
will have the same name.

SAM UNMAPUNIXGROUP <NAME>
Remove an existing group mapping entry.

SAM ADDMEM <GROUP> <MEMBER>
Add a member to a Local group. The group can be specified only by name,
the member can be specified by name or SID.

SAM DELMEM <GROUP> <MEMBER>
Remove a member from a Local group. The group and the member must be
specified by name.

SAM LISTMEM <GROUP>
List Local group members. The group must be specified by name.

SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]
List the specified set of accounts by name. If verbose is specified,
the rid and description are also provided for each account.

SAM RIGHTS LIST
List all available privileges.

SAM RIGHTS GRANT <NAME> <PRIVILEGE>
Grant one or more privileges to a user.

SAM RIGHTS REVOKE <NAME> <PRIVILEGE>
Revoke one or more privileges from a user.

SAM SHOW <NAME>
Show the full DOMAIN\NAME, the SID and the type for the corresponding
account.

SAM SET HOMEDIR <NAME> <DIRECTORY>
Set the home directory for a user account.

SAM SET PROFILEPATH <NAME> <PATH>
Set the profile path for a user account.

SAM SET COMMENT <NAME> <COMMENT>
Set the comment for a user or group account.

SAM SET FULLNAME <NAME> <FULL NAME>
Set the full name for a user account.

SAM SET LOGONSCRIPT <NAME> <SCRIPT>
Set the logon script for a user account.

SAM SET HOMEDRIVE <NAME> <DRIVE>
Set the home drive for a user account.

SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>
Set the workstations a user account is allowed to log in from.

SAM SET DISABLE <NAME>
Set the "disabled" flag for a user account.

SAM SET PWNOTREQ <NAME>
Set the "password not required" flag for a user account.

SAM SET AUTOLOCK <NAME>
Set the "autolock" flag for a user account.

SAM SET PWNOEXP <NAME>
Set the "password do not expire" flag for a user account.

SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]
Set or unset the "password must change" flag for a user account.

SAM POLICY LIST
List the available account policies.

SAM POLICY SHOW <account policy>
Show the account policy value.

SAM POLICY SET <account policy> <value>
Set a value for the account policy. Valid values can be: "forever",
"never", "off", or a number.

SAM PROVISION
Only available if ldapsam:editposix is set and winbindd is running.
Properly populates the ldap tree with the basic accounts
(Administrator) and groups (Domain Users, Domain Admins, Domain Guests)
on the ldap tree.

IDMAP DUMP <local tdb file name>
Dumps the mappings contained in the local tdb file specified. This
command is useful to dump only the mappings produced by the idmap_tdb
backend.

IDMAP RESTORE [input file]
Restore the mappings from the specified file or stdin.

IDMAP SET SECRET <DOMAIN> <secret>
Store a secret for the specified domain, used primarily for domains
that use idmap_ldap as a backend. In this case the secret is used as
the password for the user DN used to bind to the ldap server.

IDMAP SET RANGE <RANGE> <SID> [index] [--db=<DB>]
Store a domain-range mapping for a given domain (and index) in autorid
database.

IDMAP SET CONFIG <config> [--db=<DB>]
Update CONFIG entry in autorid database.

IDMAP GET RANGE <SID> [index] [--db=<DB>]
Get the range for a given domain and index from autorid database.

IDMAP GET RANGES [<SID>] [--db=<DB>]
Get ranges for all domains or for one identified by given SID.

IDMAP GET CONFIG [--db=<DB>]
Get CONFIG entry from autorid database.

IDMAP DELETE MAPPING [-f] [--db=<DB>] <ID>
Delete a mapping sid <-> gid or sid <-> uid from the IDMAP database.
The mapping is given by <ID> which may either be a sid: S-x-..., a gid:
"GID number" or a uid: "UID number". Use -f to delete an invalid
partial mapping <ID> -> xx.

Use "smbcontrol all idmap ..." to notify running smbd instances. See
the smbcontrol(1) manpage for details.

IDMAP DELETE RANGE [-f] [--db=<TDB>] <RANGE>|(<SID> [<INDEX>])
Delete a domain range mapping identified by 'RANGE' or "domain SID and
INDEX" from autorid database. Use -f to delete invalid mappings.

IDMAP DELETE RANGES [-f] [--db=<TDB>] <SID>
Delete all domain range mappings for a domain identified by SID. Use -f
to delete invalid mappings.

IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=<DB>]
Check and repair the IDMAP database. If no option is given, a read-only
check of the database is done. Among others, an interactive or automatic
repair mode may be chosen with one of the following options:

-r|--repair
Interactive repair mode, ask a lot of questions.

-a|--auto
Noninteractive repair mode, use default answers.

-v|--verbose
Produce more output.

-f|--force
Try to apply changes, even if they do not apply cleanly.

-T|--test
Dry run, show what changes would be made but don't touch anything.

-l|--lock
Lock the database while doing the check.

--db <DB>
Check the specified database.

It reports the following errors:

Missing reverse mapping:
A record with mapping A->B where there is no B->A. Default action
in repair mode is to "fix" this by adding the reverse mapping.

Invalid mapping:
A record with mapping A->B where B->C. Default action is to
"delete" this record.

Missing or invalid HWM:
A high water mark is not at least equal to the largest ID in the
database. Default action is to "fix" this by setting it to the
largest ID found +1.

Invalid record:
Something we failed to parse. Default action is to "edit" it in
interactive and "delete" it in automatic mode.

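The four error classes above can be seen on a small record set. This is an added example, not Samba's implementation: it assumes a simplified text form of the records (one tab-separated "key, value" pair per line, whereas the real database is a TDB file), and every SID and ID in the sample is constructed.

```sh
#!/bin/sh
# Added example: the four "net idmap check" error classes, applied to a
# simplified text form of the records (assumption: "key<TAB>value" lines).

# sample_records: constructed data; SIDs and IDs are made up.
sample_records() {
    printf 'S-1-5-21-1-2-3-1001\tUID 10001\n'
    printf 'UID 10001\tS-1-5-21-1-2-3-1001\n'
    printf 'S-1-5-21-1-2-3-1002\tUID 10002\n'   # no reverse record
    printf 'S-1-5-21-1-2-3-1003\tUID 10001\n'   # UID 10001 maps elsewhere
    printf 'GID 20001\tS-1-5-21-1-2-3-513\n'
    printf 'S-1-5-21-1-2-3-513\tGID 20001\n'
    printf 'garbage\n'                           # cannot be parsed
    printf 'USER HWM\t10001\n'                   # below the largest UID
    printf 'GROUP HWM\t20002\n'
}

# idmap_findings: read records on stdin, print one finding per line.
idmap_findings() {
    awk -F '\t' '
    function is_sid(s) { return s ~ /^S-1-[0-9]+(-[0-9]+)+$/ }
    function is_id(s)  { return s ~ /^[UG]ID [0-9]+$/ }
    # Track the largest UID and GID seen, keyed by the matching HWM name.
    function note_id(s,   kind, id) {
        if (!is_id(s)) return
        kind = (substr(s, 1, 1) == "U") ? "USER HWM" : "GROUP HWM"
        id = substr(s, 5) + 0
        if (id > largest[kind]) largest[kind] = id
    }
    ($1 == "USER HWM" || $1 == "GROUP HWM") && NF == 2 && $2 ~ /^[0-9]+$/ {
        hwm[$1] = $2 + 0; next
    }
    NF == 2 && ((is_sid($1) && is_id($2)) || (is_id($1) && is_sid($2))) {
        if (!($1 in map)) order[++n] = $1
        map[$1] = $2; note_id($1); note_id($2); next
    }
    { print "invalid record: line " NR }
    END {
        for (i = 1; i <= n; i++) {
            a = order[i]; b = map[a]
            if (!(b in map))
                print "missing reverse mapping: " a " -> " b
            else if (map[b] != a)
                print "invalid mapping: " a " -> " b " (" b " -> " map[b] ")"
        }
        split("USER HWM,GROUP HWM", kinds, ",")
        for (k = 1; k <= 2; k++) {
            kind = kinds[k]
            if (!(kind in hwm))
                print "missing HWM: " kind " (fix: " (largest[kind] + 1) ")"
            else if (hwm[kind] < largest[kind])
                print "invalid HWM: " kind " " hwm[kind] " (fix: " (largest[kind] + 1) ")"
        }
    }'
}

sample_records | idmap_findings
```

The "fix" value printed for a high water mark is the largest ID found plus one, matching the default repair action described above.
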
USERSHARE
Starting with version 3.0.23, a Samba server now supports the ability
for non-root users to add user defined shares to be exported using the
"net usershare" commands.

To set this up, first set up your smb.conf by adding to the [global]
section:

usershare path = /usr/local/samba/lib/usershares

Next create the directory /usr/local/samba/lib/usershares, change the
owner to root and set the group owner to the UNIX group who should have
the ability to create usershares, for example a group called
"serverops". Set the permissions on /usr/local/samba/lib/usershares to
01770. (Owner and group all access, no access for others, plus the
sticky bit, which means that a file in that directory can be renamed or
deleted only by the owner of the file). Finally, tell smbd how many
usershares you will allow by adding to the [global] section of smb.conf
a line such as:

usershare max shares = 100

to allow 100 usershare definitions. Now, members of the UNIX group
"serverops" can create user defined shares on demand using the commands
below.
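
A check of the usershare directory against the owner and mode stated above, as an added example that is not part of the original man page. It assumes GNU stat; the function name and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit a usershare directory against the setup described
# above (owner root, mode 01770). The function name and finding labels are
# hypothetical; "stat -c" is the GNU coreutils form.

# Usage: check_usershare_dir DIR GROUP
# Prints one finding per line; prints nothing when the directory complies.
check_usershare_dir() {
    dir=$1
    want_group=$2

    if [ ! -d "$dir" ]; then
        echo "missing-directory"
        return 0
    fi

    mode=$(stat -c '%a' "$dir")     # octal mode string, e.g. 1770
    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    bits=$((0$mode))                # leading 0 makes the shell read it as octal

    [ "$owner" = "root" ] || echo "owner-not-root"
    [ "$group" = "$want_group" ] || echo "group-mismatch"
    # Without the sticky bit, any group member can rename or delete another
    # member's share definition file.
    [ $(($bits & 01000)) -ne 0 ] || echo "sticky-bit-missing"
    # Any permission bit for "others" is more access than 01770 grants.
    [ $(($bits & 0007)) -eq 0 ] || echo "others-have-access"
    # Owner and group need full access so that members can create definitions.
    [ $(($bits & 0770)) -eq $((0770)) ] || echo "owner-or-group-access-incomplete"
    return 0
}

# The default path and group are the examples used in the text above.
check_usershare_dir "${1:-/usr/local/samba/lib/usershares}" "${2:-serverops}"
```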

The usershare commands are:
net usershare add sharename path [comment [acl] [guest_ok=[y|n]]] -
to add or change a user defined share.
net usershare delete sharename - to delete a user defined share.
net usershare info [-l|--long] [wildcard sharename] - to print info
about a user defined share.
net usershare list [-l|--long] [wildcard sharename] - to list user
defined shares.

USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]
Add or replace a new user defined share, with name "sharename".

"path" specifies the absolute pathname on the system to be exported.
Restrictions may be put on this, see the global smb.conf parameters:
"usershare owner only", "usershare prefix allow list", and "usershare
prefix deny list".

The optional "comment" parameter is the comment that will appear on the
share when browsed to by a client.

The optional "acl" field specifies which users have read and write
access to the entire share. Note that guest connections are not allowed
unless the smb.conf parameter "usershare allow guests" has been set.
The definition of a user defined share acl is: "user:permission", where
user is a valid username on the system and permission can be "F", "R",
or "D". "F" stands for "full permissions", i.e. read and write
permissions. "D" stands for "deny" for a user, i.e. prevent this user
from accessing this share. "R" stands for "read only", i.e. only allow
read access to this share (no creation of new files or directories or
writing to files).

The default if no "acl" is given is "Everyone:R", which means any
authenticated user has read-only access.

The optional "guest_ok" has the same effect as the parameter of the
same name in smb.conf, in that it allows guest access to this user
defined share. This parameter is only allowed if the global parameter
"usershare allow guests" has been set to true in the smb.conf.

There is no separate command to modify an existing user defined share,
just use the "net usershare add [sharename]" command using the same
sharename as the one you wish to modify and specify the new options you
wish. The Samba smbd daemon notices user defined share modifications at
connect time so will see the change immediately; there is no need to
restart smbd on adding, deleting or changing a user defined share.

USERSHARE DELETE sharename
Deletes the user defined share by name. The Samba smbd daemon
immediately notices this change, although it will not disconnect any
users currently connected to the deleted share.

USERSHARE INFO [-l|--long] [wildcard sharename]
Get info on user defined shares owned by the current user matching the
given pattern, or all users.

net usershare info on its own dumps out info on the user defined shares
that were created by the current user, or restricts them to share names
that match the given wildcard pattern ('*' matches one or more
characters, '?' matches only one character). If the '-l' or '--long'
option is also given, it prints out info on user defined shares created
by other users.

The information given about a share looks like:

[foobar]
path=/home/jeremy
comment=testme
usershare_acl=Everyone:F
guest_ok=n

This is a list of the current settings of the user defined share that
can be modified by the "net usershare add" command.
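
An audit over output in the layout shown above, as an added example that is not part of the original man page: it reports shares whose acl grants "F" to Everyone and shares with guest_ok=y. The sample input is constructed, and the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: flag user defined shares that are writable by everyone or
# open to guests. Function names and finding labels are hypothetical.

# Constructed sample in the layout the page gives for "net usershare info".
sample_usershare_info() {
cat <<'EOF'
[foobar]
path=/home/jeremy
comment=testme
usershare_acl=Everyone:F
guest_ok=n

[scans]
path=/srv/scans
comment=scanner drop
usershare_acl=Everyone:R
guest_ok=y

[team]
path=/srv/team
comment=
usershare_acl=alice:F,bob:R,Everyone:D
guest_ok=n
EOF
}

# Reads share info on stdin and prints one tab-separated line per finding:
#   <share> <finding> <path>
audit_usershares() {
    awk '
    # Emit findings for the share collected so far.
    function report(   n, i, entries, perm, who) {
        if (share == "") return
        n = split(acl, entries, ",")
        for (i = 1; i <= n; i++) {
            if (entries[i] == "") continue
            # Each entry is user:permission; the permission is the last char.
            perm = substr(entries[i], length(entries[i]))
            who = substr(entries[i], 1, length(entries[i]) - 2)
            if (tolower(who) == "everyone" && perm == "F")
                printf "%s\t%s\t%s\n", share, "everyone-full-access", path
        }
        if (guest == "y")
            printf "%s\t%s\t%s\n", share, "guest-access", path
    }
    /^\[.*\]$/ {
        report()
        share = substr($0, 2, length($0) - 2)
        path = ""; acl = ""; guest = ""
        next
    }
    /^path=/          { path  = substr($0, 6);  next }
    /^usershare_acl=/ { acl   = substr($0, 15); next }
    /^guest_ok=/      { guest = substr($0, 10); next }
    END { report() }
    '
}

# Run against the constructed sample; on a server, pipe in the output of
# "net usershare info -l" instead to include shares created by other users.
sample_usershare_info | audit_usershares
```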

USERSHARE LIST [-l|--long] wildcard sharename
List all the user defined shares owned by the current user matching the
given pattern, or all users.

net usershare list on its own lists the names of the user defined
shares that were created by the current user, or restricts the list to
share names that match the given wildcard pattern ('*' matches one or
more characters, '?' matches only one character). If the '-l' or
'--long' option is also given, it includes the names of user defined
shares created by other users.

[RPC] CONF
Starting with version 3.2.0, a Samba server can be configured by data
stored in registry. This configuration data can be edited with the new
"net conf" commands. There is also the possibility to configure a
remote Samba server by enabling the RPC conf mode and specifying the
address of the remote server.

The deployment of this configuration data can be activated in two
levels from the smb.conf file: Share definitions from registry are
activated by setting registry shares to “yes” in the [global] section
and global configuration options are activated by setting include =
registry in the [global] section for a mixed configuration or by
setting config backend = registry in the [global] section for a
registry-only configuration. See the smb.conf(5) manpage for details.

The conf commands are:
net [rpc] conf list - Dump the complete configuration in smb.conf
like format.
net [rpc] conf import - Import configuration from file in smb.conf
format.
net [rpc] conf listshares - List the registry shares.
net [rpc] conf drop - Delete the complete configuration from
registry.
net [rpc] conf showshare - Show the definition of a registry share.
net [rpc] conf addshare - Create a new registry share.
net [rpc] conf delshare - Delete a registry share.
net [rpc] conf setparm - Store a parameter.
net [rpc] conf getparm - Retrieve the value of a parameter.
net [rpc] conf delparm - Delete a parameter.
net [rpc] conf getincludes - Show the includes of a share
definition.
net [rpc] conf setincludes - Set includes for a share.
net [rpc] conf delincludes - Delete includes from a share
definition.

[RPC] CONF LIST
Print the configuration data stored in the registry in a smb.conf-like
format to standard output.

[RPC] CONF IMPORT [--test|-T] filename [section]
This command imports configuration from a file in smb.conf format. If a
section encountered in the input file is present in registry, its
contents are replaced. Sections of registry configuration that have no
counterpart in the input file are not affected. If you want to delete
these, you will have to use the "net conf drop" or "net conf delshare"
commands. Optionally, a section may be specified to restrict the effect
of the import command to that specific section. A test mode is enabled
by specifying the parameter "-T" on the commandline. In test mode, no
changes are made to the registry, and the resulting configuration is
printed to standard output instead.

[RPC] CONF LISTSHARES
List the names of the shares defined in registry.

[RPC] CONF DROP
Delete the complete configuration data from registry.

[RPC] CONF SHOWSHARE sharename
Show the definition of the share or section specified. It is valid to
specify "global" as sharename to retrieve the global configuration
options from registry.

[RPC] CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N}
[comment]]]
Create a new share definition in registry. The sharename and path have
to be given. The share name may not be "global". Optionally, values for
the very common options "writeable", "guest ok" and a "comment" may be
specified. The same result may be obtained by a sequence of "net conf
setparm" commands.

[RPC] CONF DELSHARE sharename
Delete a share definition from registry.

[RPC] CONF SETPARM section parameter value
Store a parameter in registry. The section may be global or a
sharename. The section is created if it does not exist yet.

[RPC] CONF GETPARM section parameter
Show a parameter stored in registry.

[RPC] CONF DELPARM section parameter
Delete a parameter stored in registry.

[RPC] CONF GETINCLUDES section
Get the list of includes for the provided section (global or share).

Note that due to the nature of the registry database and the nature of
include directives, the includes need special treatment: Parameters are
stored in registry by the parameter name as valuename, so there is only
ever one instance of a parameter per share. Also, a specific order like
in a text file is not guaranteed. For all real parameters, this is
perfectly ok, but the include directive is rather a meta parameter, for
which, in the smb.conf text file, the place where it is specified
between the other parameters is very important. This can not be
achieved by the simple registry smbconf data model, so there is one
ordered list of includes per share, and this list is evaluated after
all the parameters of the share.

Further note that currently, only files can be included from registry
configuration. In the future, there will be the ability to include
configuration data from other registry keys.

[RPC] CONF SETINCLUDES section [filename]+
Set the list of includes for the provided section (global or share) to
the given list of one or more filenames. The filenames may contain the
usual smb.conf macros like %I.

[RPC] CONF DELINCLUDES section
Delete the list of includes from the provided section (global or
share).

REGISTRY
Manipulate Samba's registry.

The registry commands are:
net registry enumerate - Enumerate registry keys and values.
net registry enumerate_recursive - Enumerate registry key and its
subkeys.
net registry createkey - Create a new registry key.
net registry deletekey - Delete a registry key.
net registry deletekey_recursive - Delete a registry key with
subkeys.
net registry getvalue - Print a registry value.
net registry getvalueraw - Print a registry value (raw format).
net registry setvalue - Set a new registry value.
net registry increment - Increment a DWORD registry value under a
lock.
net registry deletevalue - Delete a registry value.
net registry getsd - Get security descriptor.
net registry getsd_sddl - Get security descriptor in sddl format.
net registry setsd_sddl - Set security descriptor from sddl format
string.
net registry import - Import a registration entries (.reg)
file.
net registry export - Export a registration entries (.reg)
file.
net registry convert - Convert a registration entries (.reg)
file.
net registry check - Check and repair a registry database.

REGISTRY ENUMERATE key
Enumerate subkeys and values of key.

REGISTRY ENUMERATE_RECURSIVE key
Enumerate values of key and its subkeys.

REGISTRY CREATEKEY key
Create a new key if not yet existing.

REGISTRY DELETEKEY key
Delete the given key and its values from the registry, if it has no
subkeys.

REGISTRY DELETEKEY_RECURSIVE key
Delete the given key and all of its subkeys and values from the
registry.

REGISTRY GETVALUE key name
Output type and actual value of the value name of the given key.

REGISTRY GETVALUERAW key name
Output the actual value of the value name of the given key.

REGISTRY SETVALUE key name type value ...
Set the value name of an existing key. type may be one of sz, multi_sz
or dword. In case of multi_sz value may be given multiple times.

REGISTRY INCREMENT key name [inc]
Increment the DWORD value name of key by inc while holding a g_lock.
inc defaults to 1.

REGISTRY DELETEVALUE key name
Delete the value name of the given key.

REGISTRY GETSD key
Get the security descriptor of the given key.

REGISTRY GETSD_SDDL key
Get the security descriptor of the given key as a Security Descriptor
Definition Language (SDDL) string.

REGISTRY SETSD_SDDL key sd
Set the security descriptor of the given key from a Security Descriptor
Definition Language (SDDL) string sd.

REGISTRY IMPORT file [--precheck <check-file>] [opt]
Import a registration entries (.reg) file.

The following options are available:

--precheck check-file
This is a mechanism to check the existence or non-existence of
certain keys or values specified in a precheck file before applying
the import file. The import file will only be applied if the
precheck succeeds.

The check-file follows the normal registry file syntax with the
following semantics:

· <value name>=<value> checks whether the value exists and has
the given value.

· <value name>=- checks whether the value does not exist.

· [key] checks whether the key exists.

· [-key] checks whether the key does not exist.

REGISTRY EXPORT key file [opt]
Export a key to a registration entries (.reg) file.

REGISTRY CONVERT in out [[inopt] outopt]
Convert a registration entries (.reg) file in.

REGISTRY CHECK [-ravTl] [-o <ODB>] [--wipe] [<DB>]
Check and repair the registry database. If no option is given a read
only check of the database is done. Among others an interactive or
automatic repair mode may be chosen with one of the following options:

-r|--repair
Interactive repair mode, ask a lot of questions.

-a|--auto
Noninteractive repair mode, use default answers.

-v|--verbose
Produce more output.

-T|--test
Dry run, show what changes would be made but don't touch anything.

-l|--lock
Lock the database while doing the check.

--reg-version={1,2,3}
Specify the format of the registry database. If not given it
defaults to the value of the binary or, if a registry.tdb is
explicitly stated at the commandline, to the value found in the
INFO/version record.

[--db] <DB>
Check the specified database.

-o|--output <ODB>
Create a new registry database <ODB> instead of modifying the
input. If <ODB> is already existing --wipe may be used to overwrite
it.

--wipe
Replace the registry database instead of modifying the input or
overwrite an existing output database.

EVENTLOG
Starting with version 3.4.0 net can read, dump, import and export
native win32 eventlog files (usually *.evt). evt files are used by the
native Windows eventviewer tools.

The import and export of evt files can only succeed when eventlog list
is used in smb.conf file. See the smb.conf(5) manpage for details.

The eventlog commands are:
net eventlog dump - Dump an eventlog *.evt file on the screen.
net eventlog import - Import an eventlog *.evt into the samba
internal tdb based representation of eventlogs.
net eventlog export - Export the samba internal tdb based
representation of eventlogs into an eventlog *.evt file.

EVENTLOG DUMP filename
Prints an eventlog *.evt file to standard output.

EVENTLOG IMPORT filename eventlog
Imports an eventlog *.evt file defined by filename into the samba
internal tdb representation of eventlog defined by eventlog. eventlog
needs to be part of the eventlog list defined in smb.conf. See the
smb.conf(5) manpage for details.

EVENTLOG EXPORT filename eventlog
Exports the samba internal tdb representation of eventlog defined by
eventlog to an eventlog *.evt file defined by filename. eventlog needs
to be part of the eventlog list defined in smb.conf. See the smb.conf(5)
manpage for details.

DOM
Starting with version 3.2.0 Samba has support for remote join and
unjoin APIs, both client and server-side. Windows supports remote join
capabilities since Windows 2000.

In order for Samba to be joined or unjoined remotely an account must be
used that is either a member of the Domain Admins group, a member of the
local Administrators group or a user that is granted the
SeMachineAccountPrivilege privilege.

The client side support for remote join is implemented in the net dom
commands which are:
net dom join - Join a remote computer into a domain.
net dom unjoin - Unjoin a remote computer from a domain.
net dom renamecomputer - Renames a remote computer joined to a
domain.

DOM JOIN domain=DOMAIN ou=OU account=ACCOUNT password=PASSWORD reboot
Joins a computer into a domain. This command supports the following
additional parameters:

· DOMAIN can be a NetBIOS domain name (also known as short domain
name) or a DNS domain name for Active Directory Domains. As in
Windows, it is also possible to control which Domain Controller to
use. This can be achieved by appending the DC name using the \
separator character. Example: MYDOM\MYDC. The DOMAIN parameter
cannot be NULL.

· OU can be set to a RFC 1779 LDAP DN, like
ou=mymachines,cn=Users,dc=example,dc=com in order to create the
machine account in a non-default LDAP container. This optional
parameter is only supported when joining Active Directory Domains.

· ACCOUNT defines a domain account that will be used to join the
machine to the domain. This domain account needs to have sufficient
privileges to join machines.

· PASSWORD defines the password for the domain account defined with
ACCOUNT.

· REBOOT is an optional parameter that can be set to reboot the
remote machine after successful join to the domain.

Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to join. These
additional parameters include: -S computer and -U user.

Example: net dom join -S xp -U XP\\administrator%secret domain=MYDOM
account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local
administrator using password secret, and join the computer into a
domain called MYDOM using the MYDOM domain administrator account and
password topsecret. After successful join, the computer would reboot.

DOM UNJOIN account=ACCOUNT password=PASSWORD reboot
Unjoins a computer from a domain. This command supports the following
additional parameters:

· ACCOUNT defines a domain account that will be used to unjoin the
machine from the domain. This domain account needs to have
sufficient privileges to unjoin machines.

· PASSWORD defines the password for the domain account defined with
ACCOUNT.

· REBOOT is an optional parameter that can be set to reboot the
remote machine after successful unjoin from the domain.

Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to unjoin. These
additional parameters include: -S computer and -U user.

Example: net dom unjoin -S xp -U XP\\administrator%secret
account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local
administrator using password secret, and unjoin the computer from the
domain using the MYDOM domain administrator account and password
topsecret. After successful unjoin, the computer would reboot.

DOM RENAMECOMPUTER newname=NEWNAME account=ACCOUNT password=PASSWORD reboot
Renames a computer that is joined to a domain. This command supports
the following additional parameters:

· NEWNAME defines the new name of the machine in the domain.

· ACCOUNT defines a domain account that will be used to rename the
machine in the domain. This domain account needs to have sufficient
privileges to rename machines.

· PASSWORD defines the password for the domain account defined with
ACCOUNT.

· REBOOT is an optional parameter that can be set to reboot the
remote machine after successful rename in the domain.

Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to rename in the
domain. These additional parameters include: -S computer and -U user.

Example: net dom renamecomputer -S xp -U XP\\administrator%secret
newname=XPNEW account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local
administrator using password secret, and rename the joined computer to
XPNEW using the MYDOM domain administrator account and password
topsecret. After successful rename, the computer would reboot.

G_LOCK
Manage global locks.

G_LOCK DO lockname timeout command
Execute a shell command under a global lock. This might be useful to
define the order in which several shell commands will be executed. The
locking information is stored in a file called g_lock.tdb. In setups
with CTDB running, the locking information will be available on all
cluster nodes.

· LOCKNAME defines the name of the global lock.

· TIMEOUT defines the timeout.

· COMMAND defines the shell command to execute.

G_LOCK LOCKS
Print a list of all currently existing locknames.

G_LOCK DUMP lockname
Dump the locking table of a certain global lock.

HELP [COMMAND]
Gives usage information for the specified command.

This man page is complete for version 3 of the Samba suite.

The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.

The net manpage was written by Jelmer Vernooij.

Samba 4.2 06/19/2018 NET(8)