Samba-tool-external: Difference between revisions
mNo edit summary |
mNo edit summary |
||
Line 301: | Line 301: | ||
<td rowspan="5">drs</td> |
<td rowspan="5">drs</td> |
||
<td>bind</td> |
<td>bind</td> |
||
⚫ | |||
<td></td> |
<td></td> |
||
<td></td> |
<td>global options</td> |
||
⚫ | |||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>kcc</td> |
<td>kcc</td> |
||
⚫ | |||
<td></td> |
<td></td> |
||
<td></td> |
<td>global options</td> |
||
⚫ | |||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>replicate</td> |
<td>replicate</td> |
||
<td></td> |
<td><dest_dc> <source_dc> <nc></td> |
||
<td></td> |
<td>--add-ref<br>--sync-force</td> |
||
<td></td> |
<td>global options</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>showrepl</td> |
<td>showrepl</td> |
||
⚫ | |||
<td></td> |
<td></td> |
||
<td></td> |
<td>global options</td> |
||
⚫ | |||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>options</td> |
<td>options</td> |
||
<td></td> |
<td><dc></td> |
||
<td>--dsa-option=+|-IS_GC |<br>--dsa-option=+|-DISABLE_INBOUND_REPL<br>--dsa-option=+|-DISABLE_OUTBOUND_REPL<br>--dsa-option=+|-DISABLE_NTDSCONN_XLATE</td> |
|||
<td></td> |
|||
<td></td> |
<td>global options</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
Revision as of 19:40, 3 May 2011
This wiki page documents the current externals of the samba-tool command in the first table below and proposed externals to the samba-tool command in the second table below. The purpose of the proposed changes is to make the samba-tool command more consistent and easier to use. Additionally, help for command completion will be provided in a more consistent manner, again for usability.
Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-a8a6433
samba-tool current commands
Subcommand | Description | Parameters | Command specific options | Net command |
acl | get or set acls on a file | nt get <file> | --as-sddl --xattr\-backend=native|tdb --eadb-file=<file> |
|
nt set <file> | --quiet= --xattr-backend=native|tdb --eadb-file=<file> |
|||
ds set <file> | --host= --car=... --action=allow|deny --objectdn= --trusteedn= --sddl= --eadb-file=<file> |
|||
domainlevel | Raises domain and forest function level | show | -H --quiet --forest=2003|2008|2008_R2 --domain=2003|2008|2008_R2 |
|
raise | ||||
drs | various directory replication services | bind <dc> | ||
kcc <dc> | ||||
replicate <dest_dc> <source_dc> <nc> | --add-ref --sync-force |
|||
showrepl <dc> | ||||
enableaccount | enable a user | <username> | --filter= | |
export | Dumps kerberos keys of the domain into a keytab | keytab <keytab> | net export keytab <keytab> | |
fsmo | Makes the target DC transfer or seize fsmo role (server connection needed) transfer: request the role from current owner seize: take the role by force, current master is dead |
show | --url --force --role=rid|pdc|infrastructure|schema|naming|all |
|
transfer | --url --force --role=rid|pdc|infrastructure|schema|naming|all |
|||
seize | --url --force --role=rid|pdc|infrastructure|schema|naming|all |
|||
group | Add or delete groups or add members to or remove members from a group | add <groupname> | -H --groupou= --group-type=Security|Distribution --description= --mail-address= --notest= |
|
delete <groupname> | -H | |||
addmembers <groupname> <listofmembers> | -H |
|||
removemembers <groupname> <listofmembers> | -H |
|||
gpo2 | List group policies | list <username> | -H | |
listall | ||||
join | Join a domain as either a member or a backup domain controller (server connection required) |
<dnsdomain> DC | --server= --site= |
|
<dnsdomain> RODC | ||||
<dnsdomain> MEMBER | ||||
ldapcmp | compare two ldap databases | <url1> <url2> <context1?> <context2?> <context3?> | --two --quiet --verbose --sd --sort-aces --view --base --base2 --scope |
|
machinepw | get machine PW out of SAM | <accountname> | net machinepw <accountname> | |
newuser | Create a new user | <username> <password?> | -H --must-change-at_next-login --user-username-as-cn<br.--userou --surname --given-name --initials --profile-path --script-path --home-drive --home-directory --job-title --department --company --description --mail-address --internet-address --telephone-number --physical-delivery-office |
|
pwsettings | Sets password settings | set | -H --quiet --complexity=on|off|default --store-plaintext=on|off|default --history-length= --min-pwd-length= --min-pwd-age= --max-pwd-age= |
|
show | ||||
password | set or change password, | set <username> <password> | ||
change | ||||
setexpiry | Sets the expiration of a user account | <username> | -H --filter --days= --noexpiry |
|
setpassword | set user password locally, need write access to ldb files | <username?> | -H --filter --newpassword --must-change-at-next-login |
|
time | Retrieve the time on a remote server (server connection needed) | <servername?> | net time <servername> | |
user | create or delete a user | add <username> <password?> | ||
delete <username> | ||||
vampire | Join and synchronise a remote AD domain to the local server (server connection needed) |
domain |
General options are options that can be used on all commands and are as follows:
- Samba Options
- list samba options here***
- Version Options
- -V
- --version
- Credential Options
- list cred options***
Also possibly open for discussion is the formats of some of the global options. Improvements for improved usability should be considered.
samba-tool proposal for command syntax changes
The proposed format for all new / existing functions on the samba-tool command are as follows: Where is makes sense and is possible, the command syntax will follow the format: samba-tool <object> <action> <parameter(s)> <command specific options> <global options>
Also, help will be improved and made consistent.
- When the samba-tool command is issued without a subcommand, it will return a list of valid subcommands (it does this today)
- After each subcommand is entered, if more parameters are required a list of what comes next will be shown (sometimes does this today)
- If the command syntax is completely incorrect, will give the format of the subcommand (sometimes does this today)
- For each subcommand, help will be provided
- Error handling will be improved, more errors will be caught with useable messages being issued where applicable
Object | Action | Parameters | Specific Options | Global Options | Comments and Equivalent net command (samba 3) |
acl | get nt | <file> | --as-sddl --xattr-backend=native|tdb --eadb-file=file |
global options | Could combine get and nt into one action getnt Of leave as get <space> nt for historical purposes |
set nt | <file> | --xattr-backend=native|tdb --eadb-file=file |
global options | Could combine set and nt into one action setnt | |
set ds | <file> | --objectdn=objectdn --car=control right --action=deny|allow --trusteedn=trustee-dn |
global options | Could combine set and ds into one action setds | |
domainlevel | show | global options | |||
raise | -H --quiet --forest --domain |
global options | |||
drs | bind | <dc> | global options | ||
kcc | <dc> | global options | |||
replicate | <dest_dc> <source_dc> <nc> | --add-ref --sync-force |
global options | ||
showrepl | <dc> | global options | |||
options | <dc> | --dsa-option=+|-IS_GC | --dsa-option=+|-DISABLE_INBOUND_REPL --dsa-option=+|-DISABLE_OUTBOUND_REPL --dsa-option=+|-DISABLE_NTDSCONN_XLATE |
global options | ||
group | add | ||||
delete | |||||
addmembers | |||||
removemembers | |||||
gpo | list | ||||
listall | |||||
join | dns domain | add options | global options | What is the object being joined? server? machine? | |
fsmo | show | add options | global options | ||
transfer | add options | global options | What is the object? | ||
seize | add options | global options | What is the object? | ||
export | keytab | add options | global options | What is the object? | |
ldap | compare | URL1, URL2 | add options | Change to split into ldap compare. | |
pwsettings | show | ||||
set | add parameters that can be set | ||||
password | set | user | |||
change | user | ||||
time | server-name | Change format? add an optional action: show ? | |||
user | create | username | global options | Changing add to create, can / should make an alias? The help on this command already says add - create a new user create makes more sense, add sounds like it already exists and adding it to a group, for instance opposite of removemembers is addmembers |
|
delete | username | global options | |||
setexpiry | username | -H help | global options | this used to be setexpiry username command | |
--days=int | |||||
--filter=str | |||||
--noexpiry | |||||
enableaccount | username | -H help | global options | this used to be enableaccount username command | |
--filter=str | |||||
vampire | domain | global options | Keep as vampire command for usability / historical purposes Do not change to object action format |