1smbadm(1M) System Administration Commands smbadm(1M)
2
3
4
6 smbadm - configure and manage CIFS local groups and users, and manage
7 domain membership
8
10 smbadm add-member -m member [[-m member] ...] group
11
12
13 smbadm create [-d description] group
14
15
16 smbadm delete group
17
18
19 smbadm disable-user username
20
21
22 smbadm enable-user username
23
24
25 smbadm get [[-p property] ...] group
26
27
28 smbadm join -u username domain
29
30
31 smbadm join -w workgroup
32
33
34 smbadm list
35
36
37 smbadm remove-member -m member [[-m member] ...] group
38
39
40 smbadm rename group new-group
41
42
43 smbadm set -p property=value [[-p property=value] ...] group
44
45
46 smbadm show [-m] [-p] [group]
47
48
50 The smbadm command is used to configure CIFS local groups and to manage
51 domain membership. You can also use the smbadm command to enable or
52 disable SMB password generation for individual local users.
53
54
55 CIFS local groups can be used when Windows accounts must be members of
56 some local groups and when Windows style privileges must be granted.
57 Solaris local groups cannot provide these functions.
58
59
60 There are two types of local groups: user defined and built-in. Built-
61 in local groups are predefined local groups to support common adminis‐
62 tration tasks.
63
64
65 In order to provide proper identity mapping between CIFS local groups
66 and Solaris groups, a CIFS local group must have a corresponding
67 Solaris group. This requirement has two consequences: first, the group
68 name must conform to the intersection of the Windows and Solaris group
69 name rules. Thus, a CIFS local group name can be up to eight (8) char‐
70 acters long and contain only lowercase characters and numbers. Second,
71 a Solaris local group has to be created before a CIFS local group can
72 be created.
73
74
75 Built-in groups are standard Windows groups and are predefined by the
76 CIFS service. The built-in groups cannot be added, removed, or renamed,
77 and these groups do not follow the CIFS local group naming conventions.
78
79
80 When the CIFS server is started, the following built-in groups are
81 available:
82
83 Administrators
84
85 Group members can administer the system.
86
87
88 Backup Operators
89
90 Group members can bypass file access controls to back up and
91 restore files.
92
93
94 Power Users
95
96 Group members can share directories.
97
98
99
100 Solaris local users must have an SMB password for authentication and to
101 gain access to CIFS resources. This password is created by using the
102 passwd(1) command when the pam_smb_password module is added to the sys‐
103 tem's PAM configuration. See the pam_smb_passwd(5) man page.
104
105
106 The disable-user and enable-user subcommands control SMB password-gen‐
107 eration for a specified local user. When disabled, the user is pre‐
108 vented from connecting to the Solaris CIFS service. By default, SMB
109 password-generation is enabled for all local users.
110
111
112 To reenable a disabled user, you must use the enable-user subcommand
113 and then reset the user's password by using the passwd command. The
114 pam_smb_passwd.so.1 module must be added to the system's PAM configura‐
115 tion to generate an SMB password.
116
117 Escaping Backslash Character
118 For the add-member, remove-member, and join (with -u) subcommands, the
119 backslash character (\) is a valid separator between member or user
120 names and domain names. The backslash character is a shell special
121 character and must be quoted. For example, you might escape the back‐
122 slash character with another backslash character: domain\\username. For
123 more information about handling shell special characters, see the man
124 page for your shell.
125
127 The smbadm command uses the following operands:
128
129 domain
130
131 Specifies the name of an existing Windows domain to join.
132
133
134 group
135
136 Specifies the name of the CIFS local group.
137
138
139 username
140
141 Specifies the name of a Solaris local user.
142
143
145 The smbadm command includes these subcommands:
146
147 add-member -m member [[-m member] ...] group
148
149 Adds the specified member to the specified CIFS local group. The -m
150 member option specifies the name of a CIFS local group member. The
151 member name must include an existing user name and an optional
152 domain name.
153
154 Specify the member name in either of the following formats:
155
156 [domain\]username
157 [domain/]username
158
159
160 For example, a valid member name might be sales\terry or
161 sales/terry, where sales is the Windows domain name and terry is
162 the name of a user in the sales domain.
163
164
165 create [-d description] group
166
167 Creates a CIFS local group with the specified name. You can option‐
168 ally specify a description of the group by using the -d option.
169
170
171 delete group
172
173 Deletes the specified CIFS local group. The built-in groups cannot
174 be deleted.
175
176
177 disable username
178
179 Disables SMB password-generation capabilities for the specified
180 local user. A disabled local user is prevented from accessing the
181 system by means of the CIFS service. When a local user account is
182 disabled, you cannot use the passwd command to modify the user's
183 SMB password until the user account is reenabled.
184
185
186 enable username
187
188 Enables SMB password-generation capabilities for the specified
189 local user. After the password-generation capabilities are reen‐
190 abled, you must use the passwd command to generate the SMB password
191 for the local user before he can connect to the CIFS service.
192
193 The passwd command manages both the Solaris password and SMB pass‐
194 word for this user if the pam_smb_passwd module has been added to
195 the system's PAM configuration.
196
197
198 get [[-p property=value] ...] group
199
200 Retrieves property values for the specified group. If no property
201 is specified, all property values are shown.
202
203
204 join -u username domain
205
206 Joins a Windows domain or a workgroup.
207
208 The default mode for the CIFS service is workgroup mode, which uses
209 the default workgroup name, WORKGROUP.
210
211 An authenticated user account is required to join a domain, so you
212 must specify the Windows administrative user name with the -u
213 option. If the password is not specified on the command line, the
214 user is prompted for it. This user should be the domain administra‐
215 tor or any user who has administrative privileges for the target
216 domain.
217
218 username and domain can be entered in any of the following formats:
219
220 username[+password] domain
221 domain\username[+password]
222 domain/username[+password]
223 username@domain
224
225
226 ...where domain can be the NetBIOS or DNS domain name.
227
228 If a machine trust account for the system already exists on a
229 domain controller, any authenticated user account can be used when
230 joining the domain. However, if the machine trust account does not
231 already exist, an account that has administrative privileges on the
232 domain is required to join the domain.
233
234
235 join -w workgroup
236
237 Joins a Windows domain or a workgroup.
238
239 The -w workgroup option specifies the name of the workgroup to join
240 when using the join subcommand.
241
242
243 list
244
245 Shows information about the current workgroup or domain. The infor‐
246 mation typically includes the workgroup name or the primary domain
247 name. When in domain mode, the information includes domain con‐
248 troller names and trusted domain names.
249
250 Each entry in the ouput is identified by one of the following tags:
251
252 - [*] - Primary domain
253
254
255 - [.] - Local domain
256
257
258 - [-] - Other domains
259
260
261 - [+] - Selected domain controller
262
263
264
265 remove-member -m member [[-m member] ...] group
266
267 Removes the specified member from the specified CIFS local group.
268 The -m member option specifies the name of a CIFS local group mem‐
269 ber. The member name must include an existing user name and an
270 optional domain name.
271
272 Specify the member name in either of the following formats:
273
274 [domain\]username
275 [domain/]username
276
277
278 For example, a valid member name might be sales\terry or
279 sales/terry, where sales is the Windows domain name and terry is
280 the name of a user in the sales domain.
281
282
283 rename group new-group
284
285 Renames the specified CIFS local group. The group must already
286 exist. The built-in groups cannot be renamed.
287
288
289 set -p property=value [[-p property=value] ...] group
290
291 Sets configuration properties for a CIFS local group. The descrip‐
292 tion and the privileges for the built-in groups cannot be changed.
293
294 The -p property=value option specifies the list of properties to be
295 set on the specified group.
296
297 The group-related properties are as follows:
298
299 backup=[on|off]
300
301 Specifies whether members of the CIFS local group can bypass
302 file access controls to back up file system objects.
303
304
305 description=description-text
306
307 Specifies a text description for the CIFS local group.
308
309
310 restore=[on|off]
311
312 Specifies whether members of the CIFS local group can bypass
313 file access controls to restore file system objects.
314
315
316 take-ownership=[on|off]
317
318 Specifies whether members of the CIFS local group can take own‐
319 ership of file system objects.
320
321
322
323 show [-m] [-p] [group]
324
325 Shows information about the specified CIFS local group or groups.
326 If no group is specified, information is shown for all groups. If
327 the -m option is specified, the group members are also shown. If
328 the -p option is specified, the group privileges are also shown.
329
330
332 The following exit values are returned:
333
334 0 Successful completion.
335
336
337 >0 An error occurred.
338
339
341 See the attributes(5) man page for descriptions of the following
342 attributes:
343
344
345
346
347 ┌─────────────────────────────┬─────────────────────────────┐
348 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
349 ├─────────────────────────────┼─────────────────────────────┤
350 │Availability │SUNWsmbsu │
351 ├─────────────────────────────┼─────────────────────────────┤
352 │Utility Name and Options │Uncommitted │
353 ├─────────────────────────────┼─────────────────────────────┤
354 │Utility Output Format │Not-An-Interface │
355 ├─────────────────────────────┼─────────────────────────────┤
356 │smbadm join │Obsolete │
357 └─────────────────────────────┴─────────────────────────────┘
358
360 passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M),
361 sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4), smbauto‐
362 home(4), attributes(5), pam_smb_passwd(5), smf(5)
363
364
365
366SunOS 5.11 8 Jan 2009 smbadm(1M)