.\" Title: pdbedit
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.74.0
.\" Date: 09/30/2009
.\" Manual: System Administration tools
.\" Source: Samba 3.0
.\" Language: English
.\"
.TH "PDBEDIT" "8" "09/30/2009" "Samba 3\&.0" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * (re)Define some macros
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" toupper - uppercase a string (locale-aware)
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de toupper
.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
\\$*
.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SH-xref - format a cross-reference to an SH section
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de SH-xref
.ie n \{\
.\}
.toupper \\$*
.el \{\
\\$*
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SH - level-one heading that works better for non-TTY output
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de1 SH
.\" put an extra blank line of space above the head in non-TTY output
.if t \{\
.sp 1
.\}
.sp \\n[PD]u
.nr an-level 1
.set-an-margin
.nr an-prevailing-indent \\n[IN]
.fi
.in \\n[an-margin]u
.ti 0
.HTML-TAG ".NH \\n[an-level]"
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
\." make the size of the head bigger
.ps +3
.ft B
.ne (2v + 1u)
.ie n \{\
.\" if n (TTY output), use uppercase
.toupper \\$*
.\}
.el \{\
.nr an-break-flag 0
.\" if not n (not TTY), use normal case (not uppercase)
\\$1
.in \\n[an-margin]u
.ti 0
.\" if not n (not TTY), put a border/line under subheading
.sp -.6
\l'\n(.lu'
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" SS - level-two heading that works better for non-TTY output
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de1 SS
.sp \\n[PD]u
.nr an-level 1
.set-an-margin
.nr an-prevailing-indent \\n[IN]
.fi
.in \\n[IN]u
.ti \\n[SN]u
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.ps \\n[PS-SS]u
\." make the size of the head bigger
.ps +2
.ft B
.ne (2v + 1u)
.if \\n[.$] \&\\$*
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" BB/BE - put background/screen (filled box) around block of text
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de BB
.if t \{\
.sp -.5
.br
.in +2n
.ll -2n
.gcolor red
.di BX
.\}
..
.de EB
.if t \{\
.if "\\$2"adjust-for-leading-newline" \{\
.sp -1
.\}
.br
.di
.in
.ll
.gcolor
.nr BW \\n(.lu-\\n(.i
.nr BH \\n(dn+.5v
.ne \\n(BHu+.5v
.ie "\\$2"adjust-for-leading-newline" \{\
\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
.\}
.el \{\
\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
.\}
.in 0
.sp -.5v
.nf
.BX
.in
.sp .5v
.fi
.\}
..
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" BM/EM - put colored marker in margin next to block of text
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.de BM
.if t \{\
.br
.ll -2n
.gcolor red
.di BX
.\}
..
.de EM
.if t \{\
.br
.di
.ll
.gcolor
.nr BH \\n(dn
.ne \\n(BHu
\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
.in 0
.nf
.BX
.in
.fi
.\}
..
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "Name"
pdbedit \- manage the SAM database (Database of Samba Users)
.SH "Synopsis"
.fam C
.HP \w'\ 'u
\FCpdbedit\F[] [\-L] [\-v] [\-w] [\-u\ username] [\-f\ fullname] [\-h\ homedir] [\-D\ drive] [\-S\ script] [\-p\ profile] [\-a] [\-t,\ \-\-password\-from\-stdin] [\-m] [\-r] [\-x] [\-i\ passdb\-backend] [\-e\ passdb\-backend] [\-b\ passdb\-backend] [\-g] [\-d\ debuglevel] [\-s\ configfile] [\-P\ account\-policy] [\-C\ value] [\-c\ account\-control] [\-y]
.fam
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(7)
suite\&.
.PP
The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
.PP
The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
.PP
There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
.SH "OPTIONS"
.PP
\-L
.RS 4
This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the \':\' character\&.
.sp
Example:
\FCpdbedit \-L\F[]
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.if t \{\
.sp -1
.\}
.BB lightgray adjust-for-leading-newline
.sp -1
sorce:500:Simo Sorce
samba:45:Test User
.EB lightgray adjust-for-leading-newline
.if t \{\
.sp 1
.\}
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.RE
.PP
\-v
.RS 4
This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
.sp
Example:
\FCpdbedit \-L \-v\F[]
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.if t \{\
.sp -1
.\}
.BB lightgray adjust-for-leading-newline
.sp -1
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
username: sorce
user ID/Group: 500/500
user RID/GRID: 2000/2001
Full Name: Simo Sorce
Home Directory: \e\eBERSERKER\esorce
HomeDir Drive: H:
Logon Script: \e\eBERSERKER\enetlogon\esorce\&.bat
Profile Path: \e\eBERSERKER\eprofile
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
username: samba
user ID/Group: 45/45
user RID/GRID: 1090/1091
Full Name: Test User
Home Directory: \e\eBERSERKER\esamba
HomeDir Drive:
Logon Script:
Profile Path: \e\eBERSERKER\eprofile
.EB lightgray adjust-for-leading-newline
.if t \{\
.sp 1
.\}
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.RE
.PP
\-w
.RS 4
This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the
\FCsmbpasswd\F[]
file format\&. (see the
\fBsmbpasswd\fR(5)
for details)
.sp
Example:
\FCpdbedit \-L \-w\F[]
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.if t \{\
.sp -1
.\}
.BB lightgray adjust-for-leading-newline
.sp -1
sorce:500:508818B733CE64BEAAD3B435B51404EE:
D2A2418EFC466A8A0F6B1DBB5C3DB80C:
[UX ]:LCT\-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
BC281CE3F53B6A5146629CD4751D3490:
[UX ]:LCT\-3BFA1E8D:
.EB lightgray adjust-for-leading-newline
.if t \{\
.sp 1
.\}
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.RE
.PP
\-u username
.RS 4
This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is
\fIrequired\fR
in add, remove and modify operations and
\fIoptional\fR
in list operations\&.
.RE
.PP
\-f fullname
.RS 4
This option can be used while adding or modifing a user account\&. It will specify the user\'s full name\&.
.sp
Example:
\FC\-f "Simo Sorce"\F[]
.RE
.PP
\-h homedir
.RS 4
This option can be used while adding or modifing a user account\&. It will specify the user\'s home directory network path\&.
.sp
Example:
\FC\-h "\e\e\e\eBERSERKER\e\esorce"\F[]
.RE
.PP
\-D drive
.RS 4
This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
.sp
Example:
\FC\-D "H:"\F[]
.RE
.PP
\-S script
.RS 4
This option can be used while adding or modifing a user account\&. It will specify the user\'s logon script path\&.
.sp
Example:
\FC\-S "\e\e\e\eBERSERKER\e\enetlogon\e\esorce\&.bat"\F[]
.RE
.PP
\-p profile
.RS 4
This option can be used while adding or modifing a user account\&. It will specify the user\'s profile directory\&.
.sp
Example:
\FC\-p "\e\e\e\eBERSERKER\e\enetlogon"\F[]
.RE
.PP
\-G SID|rid
.RS 4
This option can be used while adding or modifying a user account\&. It will specify the users\' new primary group SID (Security Identifier) or rid\&.
.sp
Example:
\FC\-G S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-1201\F[]
.RE
.PP
\-U SID|rid
.RS 4
This option can be used while adding or modifying a user account\&. It will specify the users\' new SID (Security Identifier) or rid\&.
.sp
Example:
\FC\-U S\-1\-5\-21\-2447931902\-1787058256\-3961074038\-5004\F[]
.RE
.PP
\-c account\-control
.RS 4
This option can be used while adding or modifying a user account\&. It will specify the users\' account control property\&. Possible flags are listed below\&.
.sp
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
N: No password required
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
D: Account disabled
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
H: Home directory required
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
T: Temporary duplicate of other account
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
U: Regular user account
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
M: MNS logon user account
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
W: Workstation Trust Account
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
S: Server Trust Account
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
L: Automatic Locking
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
X: Password does not expire
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
I: Domain Trust Account
.sp
.RE
.sp
Example:
\FC\-c "[X ]"\F[]
.RE
.PP
\-a
.RS 4
This option is used to add a user into the database\&. This command needs a user name specified with the \-u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
.sp
Example:
\FCpdbedit \-a \-u sorce\F[]
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.BB lightgray
new password:
retype new password
.EB lightgray
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.sp
.if n \{\
.sp
.\}
.RS 4
.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
pdbedit does not call the unix password syncronisation script if
\m[blue]\fBunix password sync\fR\m[]
has been set\&. It only updates the data in the Samba user database\&.
.sp
If you wish to add a user and synchronise the password that immediately, use
\FCsmbpasswd\F[]\'s
\fB\-a\fR
option\&.
.sp .5v
.EM yellow
.RE
.RE
.PP
\-t, \-\-password\-from\-stdin
.RS 4
This option causes pdbedit to read the password from standard input, rather than from /dev/tty (like the
\FCpasswd(1)\F[]
program does)\&. The password has to be submitted twice and terminated by a newline each\&.
.RE
.PP
\-r
.RS 4
This option is used to modify an existing user in the database\&. This command needs a user name specified with the \-u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
.RE
.PP
\-m
.RS 4
This option may only be used in conjunction with the
\fI\-a\fR
option\&. It will make pdbedit to add a machine trust account instead of a user account (\-u username will provide the machine name)\&.
.sp
Example:
\FCpdbedit \-a \-m \-u w2k\-wks\F[]
.RE
.PP
\-x
.RS 4
This option causes pdbedit to delete an account from the database\&. It needs a username specified with the \-u switch\&.
.sp
Example:
\FCpdbedit \-x \-u bob\F[]
.RE
.PP
\-i passdb\-backend
.RS 4
Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
.sp
This option will ease migration from one passdb backend to another\&.
.sp
Example:
\FCpdbedit \-i smbpasswd:/etc/smbpasswd\&.old \F[]
.RE
.PP
\-e passdb\-backend
.RS 4
Exports all currently available users to the specified password database backend\&.
.sp
This option will ease migration from one passdb backend to another and will ease backing up\&.
.sp
Example:
\FCpdbedit \-e smbpasswd:/root/samba\-users\&.backup\F[]
.RE
.PP
\-g
.RS 4
If you specify
\fI\-g\fR, then
\fI\-i in\-backend \-e out\-backend\fR
applies to the group mapping instead of the user database\&.
.sp
This option will ease migration from one passdb backend to another and will ease backing up\&.
.RE
.PP
\-b passdb\-backend
.RS 4
Use a different default passdb backend\&.
.sp
Example:
\FCpdbedit \-b xml:/root/pdb\-backup\&.xml \-l\F[]
.RE
.PP
\-P account\-policy
.RS 4
Display an account policy
.sp
Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
.sp
Example:
\FCpdbedit \-P "bad lockout attempt"\F[]
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.if t \{\
.sp -1
.\}
.BB lightgray adjust-for-leading-newline
.sp -1
account policy value for bad lockout attempt is 0
.EB lightgray adjust-for-leading-newline
.if t \{\
.sp 1
.\}
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.RE
.PP
\-C account\-policy\-value
.RS 4
Sets an account policy to a specified value\&. This option may only be used in conjunction with the
\fI\-P\fR
option\&.
.sp
Example:
\FCpdbedit \-P "bad lockout attempt" \-C 3\F[]
.sp
.if n \{\
.RS 4
.\}
.fam C
.ps -1
.nf
.if t \{\
.sp -1
.\}
.BB lightgray adjust-for-leading-newline
.sp -1
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
.EB lightgray adjust-for-leading-newline
.if t \{\
.sp 1
.\}
.fi
.fam
.ps +1
.if n \{\
.RE
.\}
.RE
.PP
\-y
.RS 4
If you specify
\fI\-y\fR, then
\fI\-i in\-backend \-e out\-backend\fR
applies to the account policies instead of the user database\&.
.sp
This option will allow to migrate account policies from their default tdb\-store into a passdb backend, e\&.g\&. an LDAP directory server\&.
.sp
Example:
\FCpdbedit \-y \-i tdbsam: \-e ldapsam:ldap://my\&.ldap\&.host\F[]
.RE
.PP
\-h|\-\-help
.RS 4
Print a summary of command line options\&.
.RE
.PP
\-d|\-\-debuglevel=level
.RS 4
\fIlevel\fR
is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&.
.sp
The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&.
.sp
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
.sp
Note that specifying this parameter here will override the
\m[blue]\fBlog level\fR\m[]
parameter in the
\FCsmb\&.conf\F[]
file\&.
.RE
.PP
\-V
.RS 4
Prints the program version number\&.
.RE
.PP
\-s
.RS 4
The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See
\FCsmb\&.conf\F[]
for more information\&. The default configuration file name is determined at compile time\&.
.RE
.PP
\-l|\-\-log\-basename=logdirectory
.RS 4
Base directory name for log/debug files\&. The extension
\fB"\&.progname"\fR
will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&.
.RE
.SH "NOTES"
.PP
This command may be used only by root\&.
.SH "VERSION"
.PP
This man page is correct for version 3\&.0 of the Samba suite\&.
.SH "SEE ALSO"
.PP
\fBsmbpasswd\fR(5),
\fBsamba\fR(7)
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
.PP
The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij\&.