Arch manual pages

SAMBA-TOOL(8) System Administration tools SAMBA-TOOL(8)

NAME

samba-tool - Main Samba administration tool.

SYNOPSIS

samba-tool [-h] [-W myworkgroup] [-U user] [-d debuglevel] [--v]

DESCRIPTION

This tool is part of the samba(7) suite.

OPTIONS

-h|--help
Show this help message and exit
--realm=REALM
Set the realm name
--simple-bind-dn=DN
DN to use for a simple bind
--password=PASSWORD
Password
-U USERNAME|--username=USERNAME
Username
-W WORKGROUP|--workgroup=WORKGROUP
Workgroup
-N|--no-pass
Don't ask for a password
-k KERBEROS|--kerberos=KERBEROS
Use Kerberos
--ipaddress=IPADDRESS
IP address of the server
-d|--debuglevel=level
level is an integer from 0 to 10. The default value if this parameter is not specified is 1.
 
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
 
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
 
Note that specifying this parameter here will override the log level parameter in the smb.conf file.
-V|--version
Prints the program version number.
-s|--configfile=<configuration file>
The file specified contains the configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See smb.conf for more information. The default configuration file name is determined at compile time.
-l|--log-basename=logdirectory
Base directory name for log/debug files. The extension ".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.
--option=<name>=<value>
Set the smb.conf(5) option "<name>" to value "<value>" from the command line. This overrides compiled-in defaults and options read from the configuration file.

COMMANDS

dbcheck

Check the local AD database for errors.

delegation

Manage Delegations.

delegation add-service accountname principal [options]

Add a service principal as msDS-AllowedToDelegateTo.

delegation del-service accountname principal [options]

Delete a service principal as msDS-AllowedToDelegateTo.

delegation for-any-protocol accountname [(on|off)] [options]

Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account.

delegation for-any-service accountname [(on|off)] [options]

Set/unset UF_TRUSTED_FOR_DELEGATION for an account.

delegation show accountname [options]

Show the delegation setting of an account.

dns

Manage Domain Name Service (DNS).

dns add server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT data

Add a DNS record.

dns delete server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT data

Delete a DNS record.

dns query server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL [options] data

Query a name.

dns roothints server [name] [options]

Query root hints.

dns serverinfo server [options]

Query server information.

dns update server zone name A|AAAA|PTR|CNAME|NS|MX|SRV|TXT olddata newdata

Update a DNS record.

dns zonecreate server zone [options]

Create a zone.

dns zonedelete server zone [options]

Delete a zone.

dns zoneinfo server zone [options]

Query zone information.

dns zonelist server [options]

List zones.

domain

Manage Domain.

domain classicupgrade [options] classic_smb_conf

Upgrade from Samba classic (NT4-like) database to Samba AD DC database.

domain dcpromo dnsdomain [DC|RODC] [options]

Promote an existing domain member or NT4 PDC to an AD DC.

domain demote

Demote ourselves from the role of domain controller.

domain exportkeytab keytab [options]

Dumps Kerberos keys of the domain into a keytab.

domain info ip_address [options]

Print basic info about a domain and the specified DC.

domain join dnsdomain [DC|RODC|MEMBER|SUBDOMAIN] [options]

Join a domain as either member or backup domain controller.

domain level show|raise options [options]

Show/raise domain and forest function levels.

domain passwordsettings show|set options [options]

Show/set password settings.

domain provision

Promote an existing domain member or NT4 PDC to an AD DC.

domain trust

Domain and forest trust management.

domain trust create DOMAIN options [options]

Create a domain or forest trust.

domain trust delete DOMAIN options [options]

Delete a domain trust.

domain trust list options [options]

List domain trusts.

domain trust namespaces [DOMAIN] options [options]

Manage forest trust namespaces.

domain trust show DOMAIN options [options]

Show trusted domain details.

domain trust validate DOMAIN options [options]

Validate a domain trust.

drs

Manage Directory Replication Services (DRS).

drs bind

Show DRS capabilities of a server.

drs kcc

Trigger knowledge consistency center run.

drs options

Query or change options for NTDS Settings object of a domain controller.

drs replicate destination_DC source_DC NC [options]

Replicate a naming context between two DCs.

drs showrepl

Show replication status.

dsacl

Administer DS ACLs

dsacl set

Modify access list on a directory object.

fsmo

Manage Flexible Single Master Operations (FSMO).

fsmo seize [options]

Seize the role.

fsmo show

Show the roles.

fsmo transfer [options]

Transfer the role.

gpo

Manage Group Policy Objects (GPO).

gpo create displayname [options]

Create an empty GPO.

gpo del gpo [options]

Delete GPO. Delete GPO link from a container.

gpo fetch gpo [options]

Download a GPO.

gpo getinheritance container_dn [options]

Get inheritance flag for a container. List GPO Links for a container.

gpo list username [options]

List GPOs for an account.

gpo listall

List all GPOs.

gpo listcontainers gpo [options]

List all linked containers for a GPO.

gpo setinheritance container_dn block|inherit [options]

Set inheritance flag on a container. Add or Update a GPO link to a container.

gpo show gpo [options]

Show information for a GPO.

group

Manage groups.

group add groupname [options]

Create a new AD group.

group addmembers groupname members [options]

Add members to an AD group.

group delete groupname [options]

Delete an AD group.

group list

List all groups.

group listmembers groupname [options]

List all members of the specified AD group.

group removemembers groupname members [options]

Remove members from the specified AD group.

ldapcmp URL1 URL2 domain|configuration|schema|dnsdomain|dnsforest [options]

Compare two LDAP databases.

ntacl

Manage NT ACLs.

ntacl get file [options]

Get ACLs on a file.

ntacl set acl file [options]

Set ACLs on a file.

ntacl sysvolcheck

Check sysvol ACLs match defaults (including correct ACLs on GPOs).

ntacl sysvolreset

Reset sysvol ACLs to defaults (including correct ACLs on GPOs).

rodc

Manage Read-Only Domain Controller (RODC).

rodc preload SID|DN|accountname [options]

Preload one account for an RODC.

sites

Manage sites.

sites create site [options]

Create a new site.

sites remove site [options]

Delete an existing site.

spn

Manage Service Principal Names (SPN).

spn add name user [options]

Create a new SPN.

spn delete name [user] [options]

Delete an existing SPN.

spn list user [options]

List SPNs of a given user.

testparm

Check the syntax of the configuration file.

time

Retrieve the time on a server.

user

Manage users.

user add username [password]

Create a new user. Please note that this subcommand is deprecated and available for compatibility reasons only. Please use samba-tool user create instead.

user create username [password]

Create a new user in the Active Directory Domain.

user delete username [options]

Delete an existing user account.

user disable username

Disable an user account.

user enable username

Enable an user account.

user list

List all users.

user password [options]

Change password for an user account (the one provided in authentication).

user setexpiry username [options]

Set the expiration of an user account.

user setpassword username [options]

Sets or resets the password of an user account.

user getpassword username [options]

Gets the password of an user account.

user syncpasswords --cache-ldb-initialize [options]

Syncs the passwords of all user accounts, using an optional script.
Note that this command should run on a single domain controller only (typically the PDC-emulator).

vampire [options] domain

Join and synchronise a remote AD domain to the local server. Please note that samba-tool vampire is deprecated, please use samba-tool domain join instead.

help

Gives usage information.

VERSION

This man page is complete for version 4 of the Samba suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
The samba-tool manpage was written by Karolin Seeger.
11/24/2017 Samba 4.7