NET(8)                  System Administration tools                  NET(8)

NAME
    net - Tool for administration of Samba and remote CIFS servers.

SYNOPSIS
    net {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user]
        [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l]
        [-P] [-d debuglevel] [-V] [--request-timeout seconds]

DESCRIPTION
    This tool is part of the samba(7) suite.

    The Samba net utility is meant to work just like the net utility
    available for Windows and DOS. The first argument should be used to
    specify the protocol to use when executing a certain command. ADS is
    used for Active Directory, RAP is used for old (Win9x/NT3) clients and
    RPC can be used for NT4 and Windows 2000. If this argument is omitted,
    net will try to determine it automatically. Not all commands are
    available on all protocols.

OPTIONS
    -h|--help
        Print a summary of command line options.

    -w target-workgroup
        Sets target workgroup or domain. You have to specify either this
        option or the IP address or the name of a server.

    -W workgroup
        Sets client workgroup or domain.

    -U user
        User name to use.

    -I ip-address
        IP address of target server to use. You have to specify either this
        option or a target workgroup or a target server.

    -p port
        Port on the target server to connect to (usually 139 or 445).
        Defaults to trying 445 first, then 139.

    -n|--netbiosname <primary NetBIOS name>
        This option allows you to override the NetBIOS name that Samba uses
        for itself. This is identical to setting the corresponding
        parameter in the smb.conf file. However, a command line setting
        will take precedence over settings in smb.conf.

    -s|--configfile <configuration file>
        The file specified contains the configuration details required by
        the server. The information in this file includes server-specific
        information such as what printcap file to use, as well as
        descriptions of all the services that the server is to provide. See
        smb.conf for more information. The default configuration file name
        is determined at compile time.

    -S server
        Name of target server. You should specify either this option or a
        target workgroup or a target IP address.

    -l
        When listing data, give more information on each item.

    -P
        Make queries to the external server using the machine account of
        the local server.

    --request-timeout 30
        Let client requests time out after 30 seconds; the default is 10
        seconds.

    -d|--debuglevel=level
        level is an integer from 0 to 10. The default value if this
        parameter is not specified is 0.

        The higher this value, the more detail will be logged to the log
        files about the activities of the server. At level 0, only critical
        errors and serious warnings will be logged. Level 1 is a reasonable
        level for day-to-day running - it generates a small amount of
        information about operations carried out.

        Levels above 1 will generate considerable amounts of log data, and
        should only be used when investigating a problem. Levels above 3
        are designed for use only by developers and generate HUGE amounts
        of log data, most of which is extremely cryptic.

        Note that specifying this parameter here will override the
        corresponding parameter in the smb.conf file.

COMMANDS
    CHANGESECRETPW
        This command allows the Samba machine account password to be set from
        an external application to a machine account password that has already
        been stored in Active Directory. DO NOT USE this command unless you
        know exactly what you are doing. The use of this command requires that
        the force flag (-f) be used also. There will be NO command prompt.
        Whatever information is piped into stdin, either by typing at the
        command line or otherwise, will be stored as the literal machine
        password. Do NOT use this without care and attention as it will
        overwrite a legitimate machine password without warning. YOU HAVE BEEN
        WARNED.

    TIME
        The NET TIME command allows you to view the time on a remote server or
        synchronise the time on the local server with the time on the remote
        server.

        TIME
            Without any options, the NET TIME command displays the time on the
            remote server.

        TIME SYSTEM
            Displays the time on the remote server in a format ready for
            /bin/date.

        TIME SET
            Tries to set the date and time of the local server to that on the
            remote server using /bin/date.

        TIME ZONE
            Displays the timezone in hours from GMT on the remote computer.

    [RPC|ADS] JOIN [TYPE] [-U username[%password]] [createupn=UPN] [createcomputer=OU] [options]
        Join a domain. If the account already exists on the server, and [TYPE]
        is MEMBER, the machine will attempt to join automatically (assuming
        that the machine has been created in server manager). Otherwise, a
        password will be prompted for, and a new account may be created.

        [TYPE] may be PDC, BDC or MEMBER to specify the type of server joining
        the domain.

        [UPN] (ADS only) Set the principalname attribute during the join. The
        default format is host/netbiosname@REALM.

        [OU] (ADS only) Precreate the computer account in a specific OU. The OU
        string reads from top to bottom without RDNs, and is delimited by a
        '/'. Please note that '\' is used for escape by both the shell and
        ldap, so it may need to be doubled or quadrupled to pass through, and
        it is not used as a delimiter.

    [RPC] OLDJOIN [options]
        Join a domain. Use the OLDJOIN option to join the domain using the old
        style of domain joining - you need to create a trust account in server
        manager first.

    [RPC|ADS] USER
        [RPC|ADS] USER
            List all users.

        [RPC|ADS] USER DELETE target
            Delete specified user.

        [RPC|ADS] USER INFO target
            List the domain groups of the specified user.

        [RPC|ADS] USER RENAME oldname newname
            Rename specified user.

        [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment]
            Add specified user.

    [RPC|ADS] GROUP
        [RPC|ADS] GROUP [misc options] [targets]
            List user groups.

        [RPC|ADS] GROUP DELETE name [misc. options]
            Delete specified group.

        [RPC|ADS] GROUP ADD name [-C comment]
            Create specified group.

    [RAP|RPC] SHARE
        [RAP|RPC] SHARE [misc. options] [targets]
            Enumerates all exported resources (network shares) on target
            server.

        [RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
            Adds a share from a server (makes the export active). Maxusers
            specifies the number of users that can be connected to the share
            simultaneously.

        SHARE DELETE sharename
            Delete specified share.

    [RPC|RAP] FILE
        [RPC|RAP] FILE
            List all open files on remote server.

        [RPC|RAP] FILE CLOSE fileid
            Close file with specified fileid on remote server.

        [RPC|RAP] FILE INFO fileid
            Print information on specified fileid. Currently listed are:
            file-id, username, locks, path, permissions.

        [RAP|RPC] FILE USER user
            List files opened by specified user. Please note that net rap file
            user does not work against Samba servers.

    SESSION
        RAP SESSION
            Without any other options, SESSION enumerates all active SMB/CIFS
            sessions on the target server.

        RAP SESSION DELETE|CLOSE CLIENT_NAME
            Close the specified sessions.

        RAP SESSION INFO CLIENT_NAME
            Give a list with all the open files in specified session.

    RAP SERVER DOMAIN
        List all servers in specified domain or workgroup. Defaults to local
        domain.

    RAP DOMAIN
        Lists all domains and workgroups visible on the current network.

    RAP PRINTQ
        RAP PRINTQ INFO QUEUE_NAME
            Lists the specified print queue and print jobs on the server. If
            the QUEUE_NAME is omitted, all queues are listed.

        RAP PRINTQ DELETE JOBID
            Delete job with specified id.

    RAP VALIDATE user [password]
        Validate whether the specified user can log in to the remote server. If
        the password is not specified on the command line, it will be prompted.

        Note: Currently NOT implemented.

    RAP GROUPMEMBER
        RAP GROUPMEMBER LIST GROUP
            List all members of the specified group.

        RAP GROUPMEMBER DELETE GROUP USER
            Delete member from group.

        RAP GROUPMEMBER ADD GROUP USER
            Add member to group.

    RAP ADMIN command
        Execute the specified command on the remote server. Only works with
        OS/2 servers.

        Note: Currently NOT implemented.

    RAP SERVICE
        RAP SERVICE START NAME [arguments...]
            Start the specified service on the remote server. Not implemented
            yet.

            Note: Currently NOT implemented.

        RAP SERVICE STOP
            Stop the specified service on the remote server.

            Note: Currently NOT implemented.

    RAP PASSWORD USER OLDPASS NEWPASS
        Change password of USER from OLDPASS to NEWPASS.

    LOOKUP
        LOOKUP HOST HOSTNAME [TYPE]
            Lookup the IP address of the given host with the specified type
            (netbios suffix). The type defaults to 0x20 (workstation).

        LOOKUP LDAP [DOMAIN]
            Give IP address of LDAP server of specified DOMAIN. Defaults to
            local domain.

        LOOKUP KDC [REALM]
            Give IP address of KDC for the specified REALM. Defaults to local
            realm.

        LOOKUP DC [DOMAIN]
            Give IPs of Domain Controllers for specified DOMAIN. Defaults to
            local domain.

        LOOKUP MASTER DOMAIN
            Give IP of master browser for specified DOMAIN or workgroup.
            Defaults to local domain.

    CACHE
        Samba uses a general caching interface called 'gencache'. It can be
        controlled using 'NET CACHE'.

        All the timeout parameters support the suffixes:
            s - Seconds
            m - Minutes
            h - Hours
            d - Days
            w - Weeks

        CACHE ADD key data time-out
            Add specified key+data to the cache with the given timeout.

        CACHE DEL key
            Delete key from the cache.

        CACHE SET key data time-out
            Update data of existing cache entry.

        CACHE SEARCH PATTERN
            Search for the specified pattern in the cache data.

        CACHE LIST
            List all current items in the cache.

        CACHE FLUSH
            Remove all the current items from the cache.

    GETLOCALSID [DOMAIN]
        Prints the SID of the specified domain, or if the parameter is omitted,
        the SID of the local server.

    SETLOCALSID S-1-5-21-x-y-z
        Sets SID for the local server to the specified SID.

    GETDOMAINSID
        Prints the local machine SID and the SID of the current domain.

    SETDOMAINSID
        Sets the SID of the current domain.

    GROUPMAP
        Manage the mappings between Windows group SIDs and UNIX groups. Common
        options include:

        · unixgroup - Name of the UNIX group
        · ntgroup - Name of the Windows NT group (must be resolvable to a SID)
        · rid - Unsigned 32-bit integer
        · sid - Full SID in the form of "S-1-..."
        · type - Type of the group; either 'domain', 'local', or 'builtin'
        · comment - Freeform text description of the group

        GROUPMAP ADD
            Add a new group mapping entry:

                net groupmap add {rid=int|sid=string} unixgroup=string \
                    [type={domain|local}] [ntgroup=string] [comment=string]

        GROUPMAP DELETE
            Delete a group mapping entry. If more than one group name matches,
            the first entry found is deleted.

                net groupmap delete {ntgroup=string|sid=SID}

        GROUPMAP MODIFY
            Update an existing group entry.

                net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] \
                    [comment=string] [type={domain|local}]

        GROUPMAP LIST
            List existing group mapping entries.

                net groupmap list [verbose] [ntgroup=string] [sid=SID]

    MAXRID
        Prints out the highest RID currently in use on the local server (by the
        active 'passdb backend').

    RPC INFO
        Print information about the domain of the remote server, such as domain
        name, domain SID and number of users and groups.

    [RPC|ADS] TESTJOIN
        Check whether participation in a domain is still valid.

    [RPC|ADS] CHANGETRUSTPW
        Force change of domain trust password.

    RPC TRUSTDOM
        RPC TRUSTDOM ADD DOMAIN
            Add an interdomain trust account for DOMAIN. This is in fact a
            Samba account named DOMAIN$ with the account flag 'I' (interdomain
            trust account). This is required for incoming trusts to work. It
            makes Samba a trusted domain of the foreign (trusting) domain.
            Users of the Samba domain will be made available in the foreign
            domain. If the command is used against localhost it has the same
            effect as smbpasswd -a -i DOMAIN. Please note that both commands
            expect an appropriate UNIX account.

        RPC TRUSTDOM DEL DOMAIN
            Remove interdomain trust account for DOMAIN. If it is used against
            localhost it has the same effect as smbpasswd -x DOMAIN$.

        RPC TRUSTDOM ESTABLISH DOMAIN
            Establish a trust relationship to a trusted domain. Interdomain
            account must already be created on the remote PDC. This is required
            for outgoing trusts to work. It makes Samba a trusting domain of a
            foreign (trusted) domain. Users of the foreign domain will be made
            available in our domain. You'll need winbind and a working idmap
            config to make them appear in your system.

        RPC TRUSTDOM REVOKE DOMAIN
            Abandon relationship to trusted domain.

        RPC TRUSTDOM LIST
            List all interdomain trust relationships.

    RPC RIGHTS
        This subcommand is used to view and manage Samba's rights assignments
        (also referred to as privileges). There are three options currently
        available: list, grant, and revoke. More details on Samba's privilege
        model and its use can be found in the Samba-HOWTO-Collection.

    RPC ABORTSHUTDOWN
        Abort the shutdown of a remote server.

    RPC SHUTDOWN [-t timeout] [-r] [-f] [-C message]
        Shut down the remote server.

        -r
            Reboot after shutdown.

        -f
            Force shutting down all applications.

        -t timeout
            Timeout before system will be shut down. An interactive user of the
            system can use this time to cancel the shutdown.

        -C message
            Display the specified message on the screen to announce the
            shutdown.

    RPC SAMDUMP
        Print out sam database of remote server. You need to run this against
        the PDC, from a Samba machine joined as a BDC.

    RPC VAMPIRE
        Export users, aliases and groups from remote server to local server.
        You need to run this against the PDC, from a Samba machine joined as a
        BDC.

    RPC VAMPIRE KEYTAB
        Dump remote SAM database to local Kerberos keytab file.

    RPC VAMPIRE LDIF
        Dump remote SAM database to local LDIF file or standard output.

    RPC GETSID
        Fetch domain SID and store it in the local secrets.tdb.

    ADS LEAVE
        Make the remote host leave the domain it is part of.

    ADS STATUS
        Print out status of machine account of the local machine in ADS. Prints
        out quite some debug info. Aimed at developers; regular users should
        use NET ADS TESTJOIN.

    ADS PRINTER
        ADS PRINTER INFO [PRINTER] [SERVER]
            Lookup info for PRINTER on SERVER. The printer name defaults to
            "*", the server name defaults to the local host.

        ADS PRINTER PUBLISH PRINTER
            Publish specified printer using ADS.

        ADS PRINTER REMOVE PRINTER
            Remove specified printer from ADS directory.

    ADS SEARCH EXPRESSION ATTRIBUTES...
        Perform a raw LDAP search on an ADS server and dump the results. The
        expression is a standard LDAP search expression, and the attributes are
        a list of LDAP fields to show in the results.

        Example: net ads search '(objectCategory=group)' sAMAccountName

    ADS DN DN (attributes)
        Perform a raw LDAP search on an ADS server and dump the results. The DN
        is a standard LDAP DN, and the attributes are a list of LDAP fields to
        show in the result.

        Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName

    ADS WORKGROUP
        Print out workgroup name for specified kerberos realm.

    SAM CREATEBUILTINGROUP <NAME>
        (Re)Create a BUILTIN group. Only a well-known set of BUILTIN groups can
        be created with this command. This is the list of currently recognized
        group names: Administrators, Users, Guests, Power Users, Account
        Operators, Server Operators, Print Operators, Backup Operators,
        Replicator, RAS Servers, Pre-Windows 2000 compatible Access. This
        command requires a running Winbindd with idmap allocation properly
        configured. The group gid will be allocated out of the winbindd range.

    SAM CREATELOCALGROUP <NAME>
        Create a LOCAL group (also known as Alias). This command requires a
        running Winbindd with idmap allocation properly configured. The group
        gid will be allocated out of the winbindd range.

    SAM DELETELOCALGROUP <NAME>
        Delete an existing LOCAL group (also known as Alias).

    SAM MAPUNIXGROUP <NAME>
        Map an existing Unix group and make it a Domain Group; the domain group
        will have the same name.

    SAM UNMAPUNIXGROUP <NAME>
        Remove an existing group mapping entry.

    SAM ADDMEM <GROUP> <MEMBER>
        Add a member to a Local group. The group can be specified only by name,
        the member can be specified by name or SID.

    SAM DELMEM <GROUP> <MEMBER>
        Remove a member from a Local group. The group and the member must be
        specified by name.

    SAM LISTMEM <GROUP>
        List Local group members. The group must be specified by name.

    SAM LIST <users|groups|localgroups|builtin|workstations> [verbose]
        List the specified set of accounts by name. If verbose is specified,
        the rid and description are also provided for each account.

    SAM RIGHTS LIST
        List all available privileges.

    SAM RIGHTS GRANT <NAME> <PRIVILEGE>
        Grant one or more privileges to a user.

    SAM RIGHTS REVOKE <NAME> <PRIVILEGE>
        Revoke one or more privileges from a user.

    SAM SHOW <NAME>
        Show the full DOMAIN\NAME, the SID and the type for the corresponding
        account.

    SAM SET HOMEDIR <NAME> <DIRECTORY>
        Set the home directory for a user account.

    SAM SET PROFILEPATH <NAME> <PATH>
        Set the profile path for a user account.

    SAM SET COMMENT <NAME> <COMMENT>
        Set the comment for a user or group account.

    SAM SET FULLNAME <NAME> <FULL NAME>
        Set the full name for a user account.

    SAM SET LOGONSCRIPT <NAME> <SCRIPT>
        Set the logon script for a user account.

    SAM SET HOMEDRIVE <NAME> <DRIVE>
        Set the home drive for a user account.

    SAM SET WORKSTATIONS <NAME> <WORKSTATIONS>
        Set the workstations a user account is allowed to log in from.

    SAM SET DISABLE <NAME>
        Set the "disabled" flag for a user account.

    SAM SET PWNOTREQ <NAME>
        Set the "password not required" flag for a user account.

    SAM SET AUTOLOCK <NAME>
        Set the "autolock" flag for a user account.

    SAM SET PWNOEXP <NAME>
        Set the "password does not expire" flag for a user account.

    SAM SET PWDMUSTCHANGENOW <NAME> [yes|no]
        Set or unset the "password must change" flag for a user account.

    SAM POLICY LIST
        List the available account policies.

    SAM POLICY SHOW <account policy>
        Show the account policy value.

    SAM POLICY SET <account policy> <value>
        Set a value for the account policy. Valid values can be: "forever",
        "never", "off", or a number.

    SAM PROVISION
        Only available if ldapsam:editposix is set and winbindd is running.
        Properly populates the ldap tree with the basic accounts
        (Administrator) and groups (Domain Users, Domain Admins, Domain Guests)
        on the ldap tree.

    IDMAP DUMP <local tdb file name>
        Dumps the mappings contained in the local tdb file specified. This
        command is useful to dump only the mappings produced by the idmap_tdb
        backend.

    IDMAP RESTORE [input file]
        Restore the mappings from the specified file or stdin.

    IDMAP SECRET <DOMAIN>|ALLOC <secret>
        Store a secret for the specified domain, used primarily for domains
        that use idmap_ldap as a backend. In this case the secret is used as
        the password for the user DN used to bind to the ldap server.

    USERSHARE
        Starting with version 3.0.23, a Samba server now supports the ability
        for non-root users to add user defined shares to be exported using the
        "net usershare" commands.

        To set this up, first set up your smb.conf by adding to the [global]
        section:

            usershare path = /usr/local/samba/lib/usershares

        Next create the directory /usr/local/samba/lib/usershares, change the
        owner to root and set the group owner to the UNIX group who should
        have the ability to create usershares, for example a group called
        "serverops". Set the permissions on /usr/local/samba/lib/usershares
        to 01770 (owner and group all access, no access for others, plus the
        sticky bit, which means that a file in that directory can be renamed
        or deleted only by the owner of the file). Finally, tell smbd how many
        usershares you will allow by adding to the [global] section of
        smb.conf a line such as:

            usershare max shares = 100

        to allow 100 usershare definitions. Now, members of the UNIX group
        "serverops" can create user defined shares on demand using the
        commands below.
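
The ownership and mode requirements above can be checked after setup. The following is an added example, not part of the Samba manual: check_usershare_dir is a hypothetical helper name, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the Samba manual): check a usershare directory
# against the requirements described above: owner root, group set to the
# delegated UNIX group, mode 01770.
# check_usershare_dir is a hypothetical helper; it needs a stat with -c.
#
# usage: check_usershare_dir DIR GROUP [OWNER]    (OWNER defaults to root)
#   e.g. check_usershare_dir /usr/local/samba/lib/usershares serverops
# Prints one finding per line and returns 0 only if there are none.
check_usershare_dir() {
    dir=$1
    want_group=$2
    want_owner=${3:-root}
    findings=0

    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 1
    fi

    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")      # octal digits, e.g. 1770

    if [ "$owner" != "$want_owner" ]; then
        echo "owner: $owner, expected $want_owner"
        findings=$((findings + 1))
    fi
    if [ "$group" != "$want_group" ]; then
        echo "group: $group, expected $want_group"
        findings=$((findings + 1))
    fi
    # Without the sticky bit, any group member can rename or delete
    # share definition files that belong to other users.
    if [ $((0$mode & 01000)) -eq 0 ]; then
        echo "mode $mode: sticky bit not set"
        findings=$((findings + 1))
    fi
    # Any access for others lets users outside the group reach the directory.
    if [ $((0$mode & 0007)) -ne 0 ]; then
        echo "mode $mode: others have access"
        findings=$((findings + 1))
    fi
    # Owner and group both need read, write and search access.
    if [ $((0$mode & 0770)) -ne $((0770)) ]; then
        echo "mode $mode: owner or group lacks full access"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

A non-zero return with no output other than the listed findings means the directory exists but deviates from the documented layout.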

        The usershare commands are:
            net usershare add sharename path [comment [acl] [guest_ok=[y|n]]] -
                to add or change a user defined share.
            net usershare delete sharename - to delete a user defined share.
            net usershare info [-l|--long] [wildcard sharename] - to print info
                about a user defined share.
            net usershare list [-l|--long] [wildcard sharename] - to list user
                defined shares.

        USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]
            Add or replace a new user defined share, with name "sharename".

            "path" specifies the absolute pathname on the system to be
            exported. Restrictions may be put on this, see the global smb.conf
            parameters: "usershare owner only", "usershare prefix allow list",
            and "usershare prefix deny list".

            The optional "comment" parameter is the comment that will appear on
            the share when browsed to by a client.

            The optional "acl" field specifies which users have read and write
            access to the entire share. Note that guest connections are not
            allowed unless the smb.conf parameter "usershare allow guests" has
            been set. The definition of a user defined share acl is:
            "user:permission", where user is a valid username on the system and
            permission can be "F", "R", or "D". "F" stands for "full
            permissions", i.e. read and write permissions. "D" stands for
            "deny" for a user, i.e. prevent this user from accessing this
            share. "R" stands for "read only", i.e. only allow read access to
            this share (no creation of new files or directories or writing to
            files).

            The default if no "acl" is given is "Everyone:R", which means any
            authenticated user has read-only access.

            The optional "guest_ok" has the same effect as the parameter of the
            same name in smb.conf, in that it allows guest access to this user
            defined share. This parameter is only allowed if the global
            parameter "usershare allow guests" has been set to true in the
            smb.conf.

            There is no separate command to modify an existing user defined
            share; just use the "net usershare add [sharename]" command using
            the same sharename as the one you wish to modify and specify the
            new options you wish. The Samba smbd daemon notices user defined
            share modifications at connect time so will see the change
            immediately; there is no need to restart smbd on adding, deleting
            or changing a user defined share.

        USERSHARE DELETE sharename
            Deletes the user defined share by name. The Samba smbd daemon
            immediately notices this change, although it will not disconnect
            any users currently connected to the deleted share.

        USERSHARE INFO [-l|--long] [wildcard sharename]
            Get info on user defined shares owned by the current user matching
            the given pattern, or all users.

            net usershare info on its own dumps out info on the user defined
            shares that were created by the current user, or restricts them to
            share names that match the given wildcard pattern ('*' matches one
            or more characters, '?' matches only one character). If the '-l' or
            '--long' option is also given, it prints out info on user defined
            shares created by other users.

            The information given about a share looks like:

                [foobar]
                path=/home/jeremy
                comment=testme
                usershare_acl=Everyone:F
                guest_ok=n

            This is a list of the current settings of the user defined share
            that can be modified by the "net usershare add" command.
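
Because the info output exposes each share's ACL and guest setting, it can be reviewed mechanically for permissive definitions. The following is an added example, not part of the Samba manual: the function names and the sample data are constructed, and it assumes that multiple ACL entries are separated by commas.

```shell
#!/bin/sh
# Added example (not from the Samba manual): flag permissive user defined
# shares in output shaped like the "net usershare info" sample above.
# Assumption: several ACL entries on one line are comma-separated.

# Constructed sample input, not output from a real server.
sample_usershare_info() {
    cat <<'EOF'
[foobar]
path=/home/jeremy
comment=testme
usershare_acl=Everyone:F
guest_ok=n

[reports]
path=/srv/reports
comment=monthly reports
usershare_acl=Everyone:R,alice:F
guest_ok=n

[scratch]
path=/tmp/scratch
comment=
usershare_acl=Everyone:R
guest_ok=y

[odd]
path=/home/bob/odd
comment=typo in acl
usershare_acl=bob:W
guest_ok=n
EOF
}

# Reads share definitions on stdin and prints "share<TAB>finding" for:
#   - guest access enabled
#   - Everyone:F (full access for any authenticated user)
#   - ACL entries that are not user:F, user:R or user:D
audit_usershares() {
    awk '
    # A "[name]" line starts a new share definition.
    /^\[.*\]$/ { share = substr($0, 2, length($0) - 2); next }
    share == "" { next }

    /^guest_ok=[yY]/ {
        printf "%s\tguest access enabled\n", share
    }

    /^usershare_acl=/ {
        acl = $0
        sub(/^usershare_acl=/, "", acl)
        n = split(acl, ace, ",")
        for (i = 1; i <= n; i++) {
            e = ace[i]
            if (e == "") continue          # tolerate a trailing comma
            len  = length(e)
            perm = substr(e, len)          # last character: F, R or D
            user = substr(e, 1, len - 2)   # everything before ":X"
            if (len < 3 || substr(e, len - 1, 1) != ":" || perm !~ /^[FRD]$/)
                printf "%s\tmalformed ACL entry \"%s\"\n", share, e
            else if (perm == "F" && tolower(user) == "everyone")
                printf "%s\tEveryone:F lets any authenticated user write\n", share
        }
    }'
}
```

To review real definitions, including those created by other users, pipe the command's output into the function: `net usershare info --long | audit_usershares`.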

        USERSHARE LIST [-l|--long] wildcard sharename
            List all the user defined shares owned by the current user matching
            the given pattern, or all users.

            net usershare list on its own lists the names of the user defined
            shares that were created by the current user, or restricts the list
            to share names that match the given wildcard pattern ('*' matches
            one or more characters, '?' matches only one character). If the
            '-l' or '--long' option is also given, it includes the names of
            user defined shares created by other users.

    CONF
        Starting with version 3.2.0, a Samba server can be configured by data
        stored in registry. This configuration data can be edited with the new
        "net conf" commands.

        The deployment of this configuration data can be activated in two
        levels from the smb.conf file: Share definitions from registry are
        activated by setting registry shares to “yes” in the [global] section
        and global configuration options are activated by setting include =
        registry in the [global] section for a mixed configuration or by
        setting config backend = registry in the [global] section for a
        registry-only configuration. See the smb.conf(5) manpage for details.

        The conf commands are:
            net conf list - Dump the complete configuration in smb.conf-like
                format.
            net conf import - Import configuration from file in smb.conf
                format.
            net conf listshares - List the registry shares.
            net conf drop - Delete the complete configuration from registry.
            net conf showshare - Show the definition of a registry share.
            net conf addshare - Create a new registry share.
            net conf delshare - Delete a registry share.
            net conf setparm - Store a parameter.
            net conf getparm - Retrieve the value of a parameter.
            net conf delparm - Delete a parameter.
            net conf getincludes - Show the includes of a share definition.
            net conf setincludes - Set includes for a share.
            net conf delincludes - Delete includes from a share definition.

        CONF LIST
            Print the configuration data stored in the registry in a
            smb.conf-like format to standard output.

        CONF IMPORT [--test|-T] filename [section]
            This command imports configuration from a file in smb.conf format.
            If a section encountered in the input file is present in registry,
            its contents are replaced. Sections of registry configuration that
            have no counterpart in the input file are not affected. If you want
            to delete these, you will have to use the "net conf drop" or "net
            conf delshare" commands. Optionally, a section may be specified to
            restrict the effect of the import command to that specific section.
            A test mode is enabled by specifying the parameter "-T" on the
            command line. In test mode, no changes are made to the registry,
            and the resulting configuration is printed to standard output
            instead.

        CONF LISTSHARES
            List the names of the shares defined in registry.

        CONF DROP
            Delete the complete configuration data from registry.

        CONF SHOWSHARE sharename
            Show the definition of the share or section specified. It is valid
            to specify "global" as sharename to retrieve the global
            configuration options from registry.

        CONF ADDSHARE sharename path [writeable={y|N} [guest_ok={y|N} [comment]]]
            Create a new share definition in registry. The sharename and path
            have to be given. The share name may not be "global". Optionally,
            values for the very common options "writeable", "guest ok" and a
            "comment" may be specified. The same result may be obtained by a
            sequence of "net conf setparm" commands.

        CONF DELSHARE sharename
            Delete a share definition from registry.

        CONF SETPARM section parameter value
            Store a parameter in registry. The section may be global or a
            sharename. The section is created if it does not exist yet.

        CONF GETPARM section parameter
            Show a parameter stored in registry.

        CONF DELPARM section parameter
            Delete a parameter stored in registry.

        CONF GETINCLUDES section
            Get the list of includes for the provided section (global or
            share).

            Note that due to the nature of the registry database and the nature
            of include directives, the includes need special treatment:
            Parameters are stored in registry by the parameter name as
            valuename, so there is only ever one instance of a parameter per
            share. Also, a specific order like in a text file is not
            guaranteed. For all real parameters, this is perfectly ok, but the
            include directive is rather a meta parameter, for which, in the
            smb.conf text file, the place where it is specified between the
            other parameters is very important. This cannot be achieved by the
            simple registry smbconf data model, so there is one ordered list of
            includes per share, and this list is evaluated after all the
            parameters of the share.

            Further note that currently, only files can be included from
            registry configuration. In the future, there will be the ability to
            include configuration data from other registry keys.

        CONF SETINCLUDES section [filename]+
            Set the list of includes for the provided section (global or share)
            to the given list of one or more filenames. The filenames may
            contain the usual smb.conf macros like %I.

        CONF DELINCLUDES section
            Delete the list of includes from the provided section (global or
            share).

    EVENTLOG
        Starting with version 3.4.0, net can read, dump, import and export
        native win32 eventlog files (usually *.evt). evt files are used by the
        native Windows eventviewer tools.

        The import and export of evt files can only succeed when eventlog list
        is used in the smb.conf file. See the smb.conf(5) manpage for details.

        The eventlog commands are:
            net eventlog dump - Dump an eventlog *.evt file on the screen.
            net eventlog import - Import an eventlog *.evt into the samba
                internal tdb based representation of eventlogs.
            net eventlog export - Export the samba internal tdb based
                representation of eventlogs into an eventlog *.evt file.

        EVENTLOG DUMP filename
            Prints an eventlog *.evt file to standard output.

        EVENTLOG IMPORT filename eventlog
            Imports an eventlog *.evt file defined by filename into the samba
            internal tdb representation of eventlog defined by eventlog.
            eventlog needs to be part of the eventlog list defined in smb.conf.
            See the smb.conf(5) manpage for details.

        EVENTLOG EXPORT filename eventlog
            Exports the samba internal tdb representation of eventlog defined
            by eventlog to an eventlog *.evt file defined by filename. eventlog
            needs to be part of the eventlog list defined in smb.conf. See the
            smb.conf(5) manpage for details.
848
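The requirement above, that eventlog must be part of the eventlog list in smb.conf before an import or export can succeed, can be checked before net is run. The shell functions below are an added example, not part of the Samba documentation or source; the function names, the constructed sample smb.conf and the simplified parser (plain [global] text only, names compared case-insensitively) are assumptions.

```shell
# Print the names in the [global] "eventlog list" parameter, one per line.
# Simplification (assumption): includes, registry config and "\" continuations
# are not followed.
eventlog_list() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && (eq = index($0, "=")) {
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)             # names ignore case and blanks
            if (name == "eventloglist") val = substr($0, eq + 1)
        }
        END {                                   # last setting wins
            gsub(/[,\t\r]/, " ", val)
            n = split(val, names, " ")
            for (i = 1; i <= n; i++) print names[i]
        }
    ' "$1"
}

# Succeed if NAME is in the list (case-insensitive match: an assumption).
eventlog_is_listed() {   # eventlog_is_listed CONF NAME
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    eventlog_list "$1" | tr '[:upper:]' '[:lower:]' | grep -Fqx -- "$want"
}

# Print the import command for review only if the target log is configured.
import_cmd() {           # import_cmd CONF EVTFILE NAME
    if eventlog_is_listed "$1" "$3"; then
        printf 'net -s %s eventlog import %s %s\n' "$1" "$2" "$3"
    else
        echo "refusing: '$3' is not in the eventlog list of $1" >&2
        return 1
    fi
}

# Constructed sample configuration (not from the man page).
write_sample_conf() {
    printf '%s\n' '[global]' '    workgroup = MYDOM' \
        '    Eventlog List = Application, Security' \
        '[data]' '    path = /srv/data' > "$1"
}

conf=$(mktemp) && write_sample_conf "$conf"
import_cmd "$conf" ./Security.evt security
import_cmd "$conf" ./System.evt System || true
rm -f "$conf"
```

On a real system, testparm -s --parameter-name="eventlog list" reports the value as Samba itself parsed it, including settings pulled in through includes.
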
DOM
Starting with version 3.2.0 Samba has support for remote join and
unjoin APIs, both client and server-side. Windows has supported remote
join capabilities since Windows 2000.

In order for Samba to be joined or unjoined remotely an account must be
used that is either a member of the Domain Admins group, a member of
the local Administrators group or a user that is granted the
SeMachineAccountPrivilege privilege.

The client side support for remote join is implemented in the net dom
commands which are:
net dom join - Join a remote computer into a domain.
net dom unjoin - Unjoin a remote computer from a domain.
net dom renamecomputer - Renames a remote computer joined to a
domain.

DOM JOIN domain=DOMAIN ou=OU account=ACCOUNT password=PASSWORD reboot
Joins a computer into a domain. This command supports the following
additional parameters:

· DOMAIN can be a NetBIOS domain name (also known as short domain
name) or a DNS domain name for Active Directory Domains. As in
Windows, it is also possible to control which Domain Controller to
use. This can be achieved by appending the DC name using the \
separator character. Example: MYDOM\MYDC. The DOMAIN parameter
cannot be NULL.

· OU can be set to an RFC 1779 LDAP DN, like
ou=mymachines,cn=Users,dc=example,dc=com in order to create the
machine account in a non-default LDAP container. This optional
parameter is only supported when joining Active Directory Domains.

· ACCOUNT defines a domain account that will be used to join the
machine to the domain. This domain account needs to have sufficient
privileges to join machines.

· PASSWORD defines the password for the domain account defined with
ACCOUNT.

· REBOOT is an optional parameter that can be set to reboot the
remote machine after successful join to the domain.

Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to join. These
additional parameters include: -S computer and -U user.

Example: net dom join -S xp -U XP\\administrator%secret domain=MYDOM
account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local
administrator using password secret, and join the computer into a
domain called MYDOM using the MYDOM domain administrator account and
password topsecret. After successful join, the computer would reboot.

DOM UNJOIN account=ACCOUNT password=PASSWORD reboot
Unjoins a computer from a domain. This command supports the following
additional parameters:

· ACCOUNT defines a domain account that will be used to unjoin the
machine from the domain. This domain account needs to have
sufficient privileges to unjoin machines.

· PASSWORD defines the password for the domain account defined with
ACCOUNT.

· REBOOT is an optional parameter that can be set to reboot the
remote machine after successful unjoin from the domain.

Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to unjoin. These
additional parameters include: -S computer and -U user.

Example: net dom unjoin -S xp -U XP\\administrator%secret
account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local
administrator using password secret, and unjoin the computer from the
domain using the MYDOM domain administrator account and password
topsecret. After successful unjoin, the computer would reboot.

DOM RENAMECOMPUTER newname=NEWNAME account=ACCOUNT password=PASSWORD reboot
Renames a computer that is joined to a domain. This command supports
the following additional parameters:

· NEWNAME defines the new name of the machine in the domain.

· ACCOUNT defines a domain account that will be used to rename the
machine in the domain. This domain account needs to have sufficient
privileges to rename machines.

· PASSWORD defines the password for the domain account defined with
ACCOUNT.

· REBOOT is an optional parameter that can be set to reboot the
remote machine after successful rename in the domain.

Note that you also need to use standard net parameters to connect and
authenticate to the remote machine that you want to rename in the
domain. These additional parameters include: -S computer and -U user.

Example: net dom renamecomputer -S xp -U XP\\administrator%secret
newname=XPNEW account=MYDOM\\administrator password=topsecret reboot.

This example would connect to a computer named XP as the local
administrator using password secret, and rename the joined computer to
XPNEW using the MYDOM domain administrator account and password
topsecret. After successful rename, the computer would reboot.

G_LOCK
Manage global locks.

G_LOCK DO lockname timeout command
Execute a shell command under a global lock. This might be useful to
define the order in which several shell commands will be executed. The
locking information is stored in a file called g_lock.tdb. In setups
with CTDB running, the locking information will be available on all
cluster nodes.

· LOCKNAME defines the name of the global lock.

· TIMEOUT defines the timeout.

· COMMAND defines the shell command to execute.

G_LOCK LOCKS
Print a list of all currently existing locknames.

G_LOCK DUMP lockname
Dump the locking table of a certain global lock.

HELP [COMMAND]
Gives usage information for the specified command.

This man page is complete for version 3 of the Samba suite.

The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.

The net manpage was written by Jelmer Vernooij.

Samba 3.5 08/02/2011 NET(8)