sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-20 14:03:59 +03:00
Code
samba-mirror/docs/htmldocs/smbgroupedit.8.html
Jelmer Vernooij 2096762737 Regenerate 
(This used to be commit 25db62e3101dbcae8e9daee3cb16430297afa223)
2003-03-18 16:48:14 +00:00

331 lines
5.2 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML
><HEAD
><TITLE
>smbgroupedit</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="SMBGROUPEDIT.8"
></A
>smbgroupedit</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN5"
></A
><H2
>Name</H2
>smbgroupedit&nbsp;--&nbsp;Query/set/change UNIX - Windows NT group mapping</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN8"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>smbroupedit</B
> [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p privilege|]]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN13"
></A
><H2
>DESCRIPTION</H2
><P
>This program is part of the <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>Samba</SPAN
>(7)</SPAN
> suite.</P
><P
>The smbgroupedit command allows for mapping unix groups
to NT Builtin, Domain, or Local groups. Also
allows setting privileges for that group, such as saAddUser,
etc.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN20"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-v[l|s]</DT
><DD
><P
>This option will list all groups available
in the Windows NT domain in which samba is operating.
</P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-l</DT
><DD
><P
>give a long listing, of the format:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>"NT Group Name"
SID :
Unix group :
Group type :
Comment :
Privilege :</PRE
></P
><P
>For example:
<PRE
CLASS="PROGRAMLISTING"
>Users
SID : S-1-5-32-545
Unix group: -1
Group type: Local group
Comment :
Privilege : No privilege</PRE
></P
></DD
><DT
>-s</DT
><DD
><P
>display a short listing of the format:</P
><P
><PRE
CLASS="PROGRAMLISTING"
>NTGroupName(SID) -&#62; UnixGroupName</PRE
></P
><P
>For example:
<PRE
CLASS="PROGRAMLISTING"
>Users (S-1-5-32-545) -&#62; -1</PRE
></P
></DD
></DL
></DIV
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN44"
></A
><H2
>FILES</H2
><P
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN47"
></A
><H2
>EXIT STATUS</H2
><P
><B
CLASS="COMMAND"
>smbgroupedit</B
> returns a status of 0 if the
operation completed successfully, and a value of 1 in the event
of a failure.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN51"
></A
><H2
>EXAMPLES</H2
><P
>To make a subset of your samba PDC users members of
the 'Domain Admins' Global group:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>create a unix group (usually in
<TT
CLASS="FILENAME"
>/etc/group</TT
>), let's call it <CODE
CLASS="CONSTANT"
>domadm</CODE
>.
</P
></LI
><LI
><P
>add to this group the users that you want to be
domain administrators. For example if you want joe, john and mary,
your entry in <TT
CLASS="FILENAME"
>/etc/group</TT
> will look like:
</P
><P
>domadm:x:502:joe,john,mary</P
></LI
><LI
><P
>map this domadm group to the 'domain admins' group:</P
><P
></P
><OL
TYPE="a"
><LI
><P
>Get the SID for the Windows NT "Domain Admins" group:</P
><P
><PRE
CLASS="PROGRAMLISTING"
><SAMP
CLASS="PROMPT"
>root# </SAMP
><B
CLASS="COMMAND"
>smbgroupedit -vs | grep "Domain Admins"</B
>
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; -1</PRE
></P
></LI
><LI
><P
>map the unix domadm group to the Windows NT
"Domain Admins" group, by running the command:
<PRE
CLASS="PROGRAMLISTING"
><SAMP
CLASS="PROMPT"
>root# </SAMP
><B
CLASS="COMMAND"
>smbgroupedit \
-c S-1-5-21-1108995562-3116817432-1375597819-512 \
-u domadm -td</B
></PRE
></P
><P
><SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>warning:</I
></SPAN
> don't copy and paste this sample, the
Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
</P
></LI
></OL
></LI
></OL
><P
>To verify that your mapping has taken effect:
<PRE
CLASS="PROGRAMLISTING"
><SAMP
CLASS="PROMPT"
>root# </SAMP
><B
CLASS="COMMAND"
>smbgroupedit -vs|grep "Domain Admins"</B
>
Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; domadm</PRE
></P
><P
>To give access to a certain directory on a domain member machine (an
NT/W2K or a samba server running winbind) to some users who are member
of a group on your samba PDC, flag that group as a domain group:
<PRE
CLASS="PROGRAMLISTING"
><SAMP
CLASS="PROMPT"
>root# </SAMP
><B
CLASS="COMMAND"
>smbgroupedit -a unixgroup -td</B
></PRE
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN87"
></A
><H2
>VERSION</H2
><P
>This man page is correct for the 3.0alpha releases of
the Samba suite.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
></A
><H2
>SEE ALSO</H2
><P
><SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>smb.conf</SPAN
>(5)</SPAN
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN96"
></A
><H2
>AUTHOR</H2
><P
>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</P
><P
><B
CLASS="COMMAND"
>smbgroupedit</B
> was written by Jean Francois Micouleau.
The current set of manpages and documentation is maintained
by the Samba Team in the same fashion as the Samba source code. The conversion
to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</P
></DIV
></BODY
></HTML
>
View Git Blame Copy Permalink