Samba-tool-external: Difference between revisions
(78 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This wiki page documents the current externals of the samba-tool command in the first table below and proposed externals to the samba-tool command in the second table below. The purpose of the proposed changes is to make the samba-tool command more consistent and easier to use. Additionally, help for command completion will be provided in a more consistent manner, again for usability. |
|||
'''Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-a8a6433''' |
|||
<h4>samba-tool current commands</h4> |
|||
This wiki page will document the current externals of the samba-tool command with proposed changes to be made for consistency and usability. |
|||
The proposed format for all new / existing functions on the samba-tool command are as follows: |
|||
General options are options that can be used on all commands and are as follows: |
|||
<ul> |
|||
<li>'''Samba Options'''</li> |
|||
<ul> |
|||
<li> list samba options here</li> |
|||
</ul> |
|||
<li>'''Version Options</li> |
|||
<ul> |
|||
<li>-V</li> |
|||
<li>--version</li> |
|||
</ul> |
|||
<li>'''Credential Options</li> |
|||
<ul> |
|||
<li>list cred options</li> |
|||
</ul> |
|||
</ul> |
|||
'''Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-b12fbc2''' |
|||
<h4>samba-tool current commands:</h4> |
|||
<table border="1"> |
<table border="1"> |
||
<caption>'''samba-tool current commands</caption> |
|||
<tr> |
<tr> |
||
<td>'''Ref Num'''</td> |
|||
<td>'''Subcommand'''</td> |
<td>'''Subcommand'''</td> |
||
<td>'''Description'''</td> |
<td>'''Description'''</td> |
||
<td>'''Parameters'''</td> |
<td>'''Parameters'''</td> |
||
<td>'''Command specific options'''</td> |
<td>'''Command specific options'''</td> |
||
<td>''' |
<td>'''Net command'''</td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="3">1</td> |
|||
<td rowspan="3">acl</td> |
<td rowspan="3">acl</td> |
||
<td rowspan="3">get or set acls on a file</td> |
<td rowspan="3">get or set acls on a file</td> |
||
<td>nt get <file></td> |
<td>nt get <file></td> |
||
<td>--as-sddl<br>--xattr\-backend=native|tdb<br>--eadb-file=<file></td> |
<td>--as-sddl<br>--xattr\-backend=native|tdb<br>--eadb-file=<file></td> |
||
<td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>nt set <file></td> |
<td>nt set <file></td> |
||
<td>--quiet=<br>--xattr-backend=native|tdb<br>--eadb-file=<file></td> |
<td>--quiet=<br>--xattr-backend=native|tdb<br>--eadb-file=<file></td> |
||
<td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>ds set <file></td> |
<td>ds set <file></td> |
||
<td>--host=<br>--car=...<br>--action=allow|deny<br>--objectdn=<br>--trusteedn=<br>--sddl=<br>--eadb-file=<file></td> |
<td>--host=<br>--car=...<br>--action=allow|deny<br>--objectdn=<br>--trusteedn=<br>--sddl=<br>--eadb-file=<file></td> |
||
<td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="2">2</td> |
|||
<td rowspan="2">domainlevel</td> |
<td rowspan="2">domainlevel</td> |
||
<td rowspan="2">Raises domain and forest function level</td> |
<td rowspan="2">Raises domain and forest function level</td> |
||
<td>show</td> |
<td>show</td> |
||
<td rowspan="2">-H<br>--quiet<br>--forest=2003|2008|2008_R2<br>--domain=2003|2008|2008_R2</td> |
<td rowspan="2">-H<br>--quiet<br>--forest=2003|2008|2008_R2<br>--domain=2003|2008|2008_R2</td> |
||
<td rowspan="2"> |
<td rowspan="2"></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
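Review bot: The `nt get` row of the acl entry spells the option `--xattr\-backend=native|tdb` with a stray backslash, while the `nt set` row below it has `--xattr-backend=native|tdb`; drop the backslash so both rows name the same option. In the general-options list, `'''Version Options</li>` and `'''Credential Options</li>` open bold markup that is never closed, and the table caption does the same.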
Line 63: | Line 44: | ||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="4">3</td> |
|||
<td rowspan="4">drs</td> |
<td rowspan="4">drs</td> |
||
<td rowspan="4">various directory replication services</td> |
<td rowspan="4">various directory replication services</td> |
||
<td>bind <dc></td> |
<td>bind <dc></td> |
||
<td></td> |
<td></td> |
||
<td rowspan="4"> |
<td rowspan="4"></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
Line 82: | Line 64: | ||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>4</td> |
|||
<td>enableaccount</td> |
<td>enableaccount</td> |
||
<td>enable a user</td> |
<td>enable a user</td> |
||
<td></td> |
<td><username></td> |
||
<td> |
<td>--filter=</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>5</td> |
|||
<td>export</td> |
<td>export</td> |
||
<td>Dumps kerberos keys of the domain into a keytab</td> |
<td>Dumps kerberos keys of the domain into a keytab</td> |
||
<td>keytab</td> |
<td>keytab <keytab></td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td>net export keytab <keytab></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td rowspan="3">6</td> |
||
<td rowspan="3">fsmo</td> |
|||
<td>Makes the target DC transfer or seize fsmo role (server connection needed)</td> |
|||
<td rowspan="3">Makes the target DC transfer or seize fsmo role (server connection needed)<br>transfer: request the role from current owner<br>seize: take the role by force, current master is dead</td> |
|||
<td>show, transfer, seize</td> |
|||
<td>show</td> |
|||
<td>--url<br>--force<br>--role=rid|pdc|infrastructure|schema|naming|all</td> |
|||
<td></td> |
<td></td> |
||
<td>Add options</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>transfer</td> |
||
<td>--url<br>--force<br>--role=rid|pdc|infrastructure|schema|naming|all</td> |
|||
<td>Add or delete groups or add members to or remove members from a group</td> |
|||
<td>add,delete,addmembers,removemembers</td> |
|||
<td></td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>seize</td> |
||
<td>--url<br>--force<br>--role=rid|pdc|infrastructure|schema|naming|all</td> |
|||
<td>List group policies</td> |
|||
<td>list, listall</td> |
|||
<td></td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td rowspan="4">7</td> |
||
<td rowspan="4">group</td> |
|||
<td>Join a domain as either a member or a backup domain controller <br>(server connection required)</td> |
|||
<td rowspan="4">Add or delete groups or add members to or remove members from a group</td> |
|||
<td>dns domain</td> |
|||
<td></td> |
<td>add <groupname></td> |
||
<td>-H<br>--groupou=<br>--group-type=Security|Distribution<br>--description=<br>--mail-address=<br>--notest=</td> |
|||
<td>add options</td> |
|||
<td rowspan="4"></td> |
|||
</tr> |
|||
<tr> |
|||
<td>delete <groupname></td> |
|||
<td>-H</td> |
|||
</tr> |
|||
<tr> |
|||
<td>addmembers <groupname> <listofmembers></td> |
|||
<td>-H<br></td> |
|||
</tr> |
|||
<tr> |
|||
<td>removemembers <groupname> <listofmembers></td> |
|||
<td>-H<br></td> |
|||
</tr> |
|||
<tr> |
|||
<td rowspan="2">8</td> |
|||
<td rowspan="2">gpo2</td> |
|||
<td rowspan="2">List group policies</td> |
|||
<td>list <username></td> |
|||
<td rowspan="2">-H</td> |
|||
<td rowspan="2"></td> |
|||
</tr> |
|||
<tr> |
|||
<td>listall</td> |
|||
</tr> |
|||
<tr> |
|||
<td rowspan="3">9</td> |
|||
<td rowspan="3">join</td> |
|||
<td rowspan="3">Join a domain as either a member or a backup domain controller <br>(server connection required)</td> |
|||
<td><dnsdomain> DC</td> |
|||
<td rowspan="3">--server=<br>--site=</td> |
|||
<td rowspan="3"></td> |
|||
</tr> |
|||
<tr> |
|||
<td><dnsdomain> RODC</td> |
|||
</tr> |
|||
<tr> |
|||
<td><dnsdomain> MEMBER</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>10</td> |
|||
<td>ldapcmp</td> |
<td>ldapcmp</td> |
||
<td>compare two ldap databases</td> |
<td>compare two ldap databases</td> |
||
<td><url1> <url2> <context1?> <context2?> <context3?></td> |
|||
<td>UR1L, URL2</td> |
|||
<td>--two<br>--quiet<br>--verbose<br>--sd<br>--sort-aces<br>--view<br>--base<br>--base2<br>--scope</td> |
|||
<td></td> |
<td></td> |
||
<td>add options</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>11</td> |
|||
<td>machinepw</td> |
<td>machinepw</td> |
||
<td>get machine PW out of SAM</td> |
<td>get machine PW out of SAM</td> |
||
<td><accountname></td> |
|||
<td></td> |
<td></td> |
||
<td></td> |
<td>net machinepw <accountname></td> |
||
<td></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>12</td> |
|||
<td>newuser</td> |
<td>newuser</td> |
||
<td>Create a new user</td> |
|||
<td><username> <password?></td> |
|||
<td>-H<br>--must-change-at_next-login<br>--user-username-as-cn<br.--userou<br>--surname<br>--given-name<br>--initials<br>--profile-path<br>--script-path<br>--home-drive<br>--home-directory<br>--job-title<br>--department<br>--company<br>--description<br>--mail-address<br>--internet-address<br>--telephone-number<br>--physical-delivery-office</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
|||
<tr> |
|||
<td></td> |
|||
<td rowspan="2">13</td> |
|||
<td rowspan="2">pwsettings</td> |
|||
<td rowspan="2">Sets password settings</td> |
|||
<td>set</td> |
|||
<td>-H<br>--quiet<br>--complexity=on|off|default<br>--store-plaintext=on|off|default<br>--history-length=<br>--min-pwd-length=<br>--min-pwd-age=<br>--max-pwd-age=</td> |
|||
<td rowspan="2"></td> |
|||
</tr> |
|||
<tr> |
|||
<td>show</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td rowspan="2">14</td> |
||
<td> |
<td rowspan="2">password</td> |
||
<td>set, |
<td rowspan="2">set or change password, </td> |
||
<td></td> |
<td>set <username> <password></td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td rowspan="2"></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>change</td> |
||
<td>set or change password, </td> |
|||
<td>set, change</td> |
|||
<td>user</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>15</td> |
|||
<td>setexpiry</td> |
<td>setexpiry</td> |
||
<td>Sets the expiration of a user account</td> |
<td>Sets the expiration of a user account</td> |
||
<td><username></td> |
|||
<td>-H<br>--filter<br>--days=<br>--noexpiry</td> |
|||
<td></td> |
<td></td> |
||
<td>[username]</td> |
|||
<td>add options</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>16</td> |
|||
<td>setpassword</td> |
<td>setpassword</td> |
||
<td>set user password locally, need write access to ldb files</td> |
<td>set user password locally, need write access to ldb files</td> |
||
<td></td> |
<td><username?></td> |
||
<td>-H<br>--filter<br>--newpassword<br>--must-change-at-next-login</td> |
|||
<td></td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>17</td> |
|||
<td>time</td> |
<td>time</td> |
||
<td>Retrieve the time on a remote server (server connection needed)</td> |
<td>Retrieve the time on a remote server (server connection needed)</td> |
||
<td><servername?></td> |
|||
<td></td> |
<td></td> |
||
<td> |
<td>net time <servername></td> |
||
</tr> |
|||
<tr> |
|||
<td rowspan="2">18</td> |
|||
<td rowspan="2">user</td> |
|||
<td rowspan="2">create or delete a user</td> |
|||
<td>add <username> <password?></td> |
|||
<td></td> |
<td></td> |
||
<td rowspan="2"></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>delete <username></td> |
||
<td>create or delete a user</td> |
|||
<td></td> |
<td></td> |
||
<td>create, delete</td> |
|||
<td>options</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>19</td> |
|||
<td>vampire</td> |
<td>vampire</td> |
||
<td>Join and synchronise a remote AD domain to the local server<br>(server connection needed)</td> |
<td>Join and synchronise a remote AD domain to the local server<br>(server connection needed)</td> |
||
<td></td> |
|||
<td>domain</td> |
<td>domain</td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
</table> |
</table> |
||
General options are options that can be used on all commands and are as follows: |
|||
<h4>samba-tool proposal for command syntax changes</h4> |
|||
<ul> |
|||
<li>'''Samba Options'''</li> |
|||
<ul> |
|||
<li> list samba options here***</li> |
|||
</ul> |
|||
<li>'''Version Options</li> |
|||
<ul> |
|||
<li>-V</li> |
|||
<li>--version</li> |
|||
</ul> |
|||
<li>'''Credential Options</li> |
|||
<ul> |
|||
<li>list cred options***</li> |
|||
</ul> |
|||
</ul> |
|||
Also possibly open for discussion is the formats of some of the global options. Improvements for improved usability should be considered. |
|||
Command syntax will follow the format samba-tool <object> <action> parameter(s) <command specific options> <global options> unless otherwise indicated. |
|||
samba-tool <object> <action> <command specific options> <general options> |
|||
<h4>'''samba-tool proposal for command syntax changes'''</h4> |
|||
The proposed format for all new / existing functions on the samba-tool command are as follows: |
|||
Where is makes sense and is possible, the command syntax will follow the format: |
|||
'''samba-tool''' <object> <action> <parameter(s)> <command specific options> <global options> |
|||
Also, help will be improved and made consistent. |
|||
<ul> |
<ul> |
||
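Review bot: The newuser options cell contains `--user-username-as-cn<br.--userou`, where `<br.` is a malformed break tag, so the two options run together when the page is rendered; it should be `<br>`. The same cell writes `--must-change-at_next-login` with an underscore, while the setpassword row uses `--must-change-at-next-login`; the two rows should agree on one spelling.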
Line 208: | Line 269: | ||
<li>For each subcommand, help will be provided</li> |
<li>For each subcommand, help will be provided</li> |
||
<li>Error handling will be improved, more errors will be caught with useable messages being issued where applicable</li> |
<li>Error handling will be improved, more errors will be caught with useable messages being issued where applicable</li> |
||
<li>Would a --verbose option make sense on all the commands? consider when implementing (some commands have it today)</li> |
|||
</ul> |
</ul> |
||
<table border="1"> |
<table border="1"> |
||
<caption>'''samba-tool command proposed syntax changes'''</caption> |
|||
<tr> |
<tr> |
||
< |
<td>'''Ref num from previous table'''</td> |
||
<td>'''Object'''</td> |
|||
<td>'''Action'''</td> |
<td>'''Action'''</td> |
||
<td>''' |
<td>'''Parameters'''</td> |
||
<td>'''Specific Options'''</td> |
<td>'''Specific Options'''</td> |
||
<td>'''Global Options'''</td> |
<td>'''Global Options'''</td> |
||
Line 219: | Line 284: | ||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
< |
<td></td> |
||
<td> |
<td>dbcheck</td> |
||
<td |
<td></td> |
||
<td><DN></td> |
|||
<td>--as-sddl<br>--xattr-backend=native|tdb<br>--eadb-file=file</td> |
|||
<td> |
<td></td> |
||
<td></td> |
|||
<td>Could combine get and nt into one action getnt<br>Of leave as get <space> nt for historical purposes</td> |
|||
<td>should this be db <sp> check?</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td |
<td rowspan="5"></td> |
||
<td> |
<td rowspan="5">delegation</td> |
||
<td>add-service</td> |
|||
<td>--xattr-backend=native|tdb<br>--eadb-file=file</td> |
|||
<td |
<td rowspan="5"><accountname></td> |
||
<td rowspan="2"><principal></td> |
|||
<td>Could combine set and nt into one action setnt</td> |
|||
<td rowspan="5">Global options</td> |
|||
<td></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>del-service</td> |
||
<td |
<td></td> |
||
</tr> |
|||
<td>--objectdn=objectdn<br>--car=control right<br>--action=deny|allow<br>--trusteedn=trustee-dn</td> |
|||
<tr> |
|||
<td>global options</td> |
|||
<td>for-any-protocol</td> |
|||
<td>Could combine set and ds into one action setds</td> |
|||
<td rowspan="2">on | off</td> |
|||
<td></td> |
|||
</tr> |
|||
<tr> |
|||
<td>for-any-service</td> |
|||
<td></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="2">domainlevel</td> |
|||
<td>show</td> |
<td>show</td> |
||
<td></td> |
<td></td> |
||
<td></td> |
|||
</tr> |
|||
<tr> |
|||
<td rowspan="8">2,5,9,11,13</td> |
|||
<td rowspan="8">domain</td> |
|||
<td rowspan="2">level</td> |
|||
<td>show</td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
<td>global options</td> |
||
Line 250: | Line 330: | ||
<tr> |
<tr> |
||
<td>raise</td> |
<td>raise</td> |
||
<td></td> |
|||
<td>-H<br>--quiet<br>--forest<br>--domain</td> |
<td>-H<br>--quiet<br>--forest<br>--domain</td> |
||
<td>global options</td> |
<td>global options</td> |
||
Line 256: | Line 335: | ||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td |
<td>join</td> |
||
<td> |
<td><dnsdomain> DC|RODC|MEMBER</td> |
||
<td></td> |
<td>--server=<br>--site=</td> |
||
<td></td> |
<td>global options</td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>exportkeytab</td> |
||
<td></td> |
<td><keytab></td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>machinepassword</td> |
||
<td></td> |
<td><accountname></td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td rowspan="2">passwordsettings</td> |
||
<td></td> |
<td>show</td> |
||
<td></td> |
|||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td rowspan="2">global options</td> |
|||
<td rowspan="2"></td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>set</td> |
||
<td>-H<br>--quiet<br>--complexity=on|off|default<br>--store-plaintext=on|off|default<br>--history-length=<br>--min-pwd-length=<br>--min-pwd-age=<br>--max-pwd-age=</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
</tr> |
</tr> |
||
<tr> |
|||
<td rowspan="4">group</td> |
|||
<td> |
<td>samba3upgrade</td> |
||
<td></td> |
<td><samba3 smb conf></td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td rowspan="5">3</td> |
||
<td></td> |
<td rowspan="5">drs</td> |
||
<td></td> |
<td>bind</td> |
||
<td><dc></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>kcc</td> |
||
<td></td> |
<td><dc></td> |
||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>replicate</td> |
||
<td></td> |
<td><dest_dc> <source_dc> <nc></td> |
||
<td></td> |
<td>--add-ref<br>--sync-force</td> |
||
<td></td> |
<td>global options</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td |
<td>showrepl</td> |
||
<td> |
<td><dc></td> |
||
<td></td> |
|||
<td></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>options</td> |
||
<td></td> |
<td><dc></td> |
||
<td>--dsa-option=+|-IS_GC |<br>--dsa-option=+|-DISABLE_INBOUND_REPL<br>--dsa-option=+|-DISABLE_OUTBOUND_REPL<br>--dsa-option=+|-DISABLE_NTDSCONN_XLATE</td> |
|||
<td></td> |
|||
<td></td> |
<td>global options</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td></td> |
<td>1</td> |
||
<td> |
<td>dsacl</td> |
||
<td> |
<td>set</td> |
||
<td> |
<td><file></td> |
||
<td>--objectdn=objectdn<br>--car=control right<br>--action=deny|allow<br>--trusteedn=trustee-dn</td> |
|||
<td>global options</td> |
<td>global options</td> |
||
<td> |
<td>Could combine set and nt into one action setnt</td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="3">6</td> |
|||
<td rowspan="3">fsmo</td> |
|||
<td>show</td> |
|||
<td rowspan="3"></td> |
<td rowspan="3"></td> |
||
<td rowspan="3">--url=<br>--force<br>--role=rid|pdc|infrastructure|schema|naming|all</td> |
|||
<td>fsmo show</td> |
|||
<td rowspan="3">global options</td> |
|||
<td rowspan="3"></td> |
|||
</tr> |
|||
<tr> |
|||
<td>transfer</td> |
|||
</tr> |
|||
<tr> |
|||
<td>seize</td> |
|||
</tr> |
|||
<tr> |
|||
<td rowspan="2">8</td> |
|||
<td rowspan="2">gpo</td> |
|||
<td>list</td> |
|||
<td></td> |
<td></td> |
||
<td> |
<td>-H</td> |
||
<td>global options</td> |
<td>global options</td> |
||
<td></td> |
|||
<td>What is the object being shown? <br>domain controller? server? machine?</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>listall</td> |
||
<td></td> |
<td></td> |
||
<td> |
<td>-H</td> |
||
<td>global options</td> |
|||
<td></td> |
|||
</tr> |
|||
</tr> |
|||
<td rowspan="4">7</td> |
|||
<td rowspan="4">group</td> |
|||
<td>create</td> |
|||
<td><groupname></td> |
|||
<td>-H<br>--groupou=<br>--group-type=Security|Distribution<br>--description=<br>--mail-address=<br>--notest=</td> |
|||
<td>global options</td> |
<td>global options</td> |
||
<td>change "add" to create<br>more exact<br>now we have create/delete and <br>addmembers/removemembers</td> |
|||
<td>What is the object?</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td>delete</td> |
||
<td></td> |
<td><groupname></td> |
||
<td> |
<td>-H</td> |
||
<td>global options</td> |
<td>global options</td> |
||
<td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>addmembers</td> |
|||
<td><groupname> <listofmembers></td> |
|||
<td>-H</td> |
|||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
|||
<td>export</td> |
|||
<tr> |
|||
<td>keytab</td> |
|||
<td> |
<td>removemembers</td> |
||
<td><groupname> <listofmembers></td> |
|||
<td>-H</td> |
|||
<td>global options</td> |
<td>global options</td> |
||
<td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
|||
<td>10</td> |
|||
<td>ldap</td> |
<td>ldap</td> |
||
<td>compare</td> |
<td>compare</td> |
||
<td><url1> <url2> <br><context1?><br><context2?><br><context3?></td> |
|||
<td>URL1, URL2</td> |
|||
<td>--two<br>--quiet<br>--verbose<br>--sd<br>--sort-aces<br>--view<br>--base<br>--base2<br>--scope</td> |
|||
<td>add options</td> |
|||
<td></td> |
<td>global options</td> |
||
<td>Change to split into ldap compare.</td> |
<td>Change to split into ldap compare. <br>Not done yet.</td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="2"> |
<td rowspan="2">1</td> |
||
<td> |
<td rowspan="2">ntacl</td> |
||
<td></td> |
<td>get</td> |
||
<td></td> |
<td><file></td> |
||
<td>--as-sddl<br>--xattr-backend=native|tdb<br>--eadb-file=file</td> |
|||
<td></td> |
|||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>set</td> |
<td>set</td> |
||
<td> |
<td><file></td> |
||
<td>--xattr-backend=native|tdb<br>--eadb-file=file</td> |
|||
<td></td> |
|||
<td></td> |
<td>global options</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="2">password</td> |
|||
<td>set</td> |
|||
<td>user</td> |
|||
<td></td> |
<td></td> |
||
<td>rodc</td> |
|||
<td>preload</td> |
|||
<td><SID> | <DN> | <accountname></td> |
|||
<td></td> |
<td></td> |
||
<td>global options</td> |
|||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td> |
<td rowspan="3"></td> |
||
<td> |
<td rowspan="3">spn</td> |
||
<td>add</td> |
|||
<td rowspan="2"><name></td> |
|||
<td rowspan="2"><user></td> |
|||
<td rowspan="3">global options</td> |
|||
<td rowspan="3"></td> |
|||
</tr> |
|||
<tr> |
|||
<td>delete</td> |
|||
</tr> |
|||
<tr> |
|||
<td>list</td> |
|||
<td><user></td> |
|||
<td></td> |
<td></td> |
||
</tr> |
|||
<tr> |
|||
<td></td> |
<td></td> |
||
<td>testparm</td> |
|||
<td></td> |
|||
<td></td> |
|||
<td></td> |
|||
<td>global options</td> |
|||
<td>Prompts for file name, inconsistent...?</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>17</td> |
|||
<td>time</td> |
<td>time</td> |
||
<td></td> |
<td></td> |
||
<td> |
<td><servername?></td> |
||
<td></td> |
<td></td> |
||
<td> |
<td>global options</td> |
||
<td></td> |
<td></td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan=" |
<td rowspan="10">4,12,14,15</td> |
||
<td rowspan="10">user</td> |
|||
<td>create</td> |
<td>create</td> |
||
<td>username</td> |
<td><username></td> |
||
<td>-h,--help<br>-H URL,--URL=URL<br>--must-change-at-next-login<br>etc...</td> |
|||
<td></td> |
|||
<td>global options</td> |
<td>global options</td> |
||
<td>Changing add to create |
<td>Changing add to create<br>The help on this command already says add - create a new user<br>create makes more sense, add sounds like it already exists and adding it to a group, for instance<br>opposite of removemembers is addmembers<br>does this need to support all option supported in the GUI on windows side?</td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>delete</td> |
<td>delete</td> |
||
<td>username</td> |
<td><username></td> |
||
<td></td> |
<td></td> |
||
<td>global options</td> |
<td>global options</td> |
||
Line 434: | Line 567: | ||
<tr> |
<tr> |
||
<td rowspan="4">setexpiry</td> |
<td rowspan="4">setexpiry</td> |
||
<td rowspan="4">username</td> |
<td rowspan="4"><username></td> |
||
<td>-H help</td> |
<td>-H help</td> |
||
<td rowspan="4">global options</td> |
<td rowspan="4">global options</td> |
||
<td rowspan=" |
<td rowspan="3">this used to be setexpiry username command</td> |
||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
Line 447: | Line 580: | ||
<tr> |
<tr> |
||
<td>--noexpiry</td> |
<td>--noexpiry</td> |
||
<td>this might be confusing<br>--noexpiry changes the password setting to "Never expires"<br>there is also an account "Never expires" setting which is what I thought this was<br>the reason I thought this is because the setexpiry --days command sets the account expiration, not the password expiration<br>--filter needs additional doc.<br>the format is --filter=samaccountname=<username><br>Also, my understanding is the sam is internal and should not be on the command.<br>possibly this parameter should change, as samaccountname is an internal concept, not to be used for an external of a command.<br>comments?<br>also, I haven't yet figured out the format for second filter parameter<br> something like accountexpires=xx (except thats not it!)</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td rowspan="2"> |
<td rowspan="2">enable</td> |
||
<td rowspan="2">username</td> |
<td rowspan="2"><username?></td> |
||
<td>-H help</td> |
<td>-H help</td> |
||
<td rowspan="2">global options</td> |
<td rowspan="2">global options</td> |
||
<td rowspan="2">this used to be enableaccount username command<br>Do we need a disableaccount as well?<br>Seems like it should be easy enough to implement.<br>--filter needs additional doc<br>the format is --filter=samaccountname=<username><br>Also, my understanding is the sam is internal and should not be on the command.<br>possibly this parameter should change, as samaccountname is an internal concept, not to be used for an external of a command.</td> |
|||
<td rowspan="2">this used to be enableaccount username command</td> |
|||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
Line 459: | Line 593: | ||
</tr> |
</tr> |
||
<tr> |
<tr> |
||
<td>setpassword</td> |
|||
<td><username> <password></td> |
|||
<td>-H<br>--filter=<br>--must-change-at-next-login</td> |
|||
<td>global options</td> |
|||
<td>This command combines samba-tool setpassword and samba-tool password set<br>this password command is intended to admins to set passwords for end users<br>usually requires admin password for authority<br>prompts for input if not specified on the command</td> |
|||
</tr> |
|||
<tr> |
|||
<td>password</td> |
|||
<td><username> <password></td> |
|||
<td></td> |
|||
<td>global options</td> |
|||
<td>This command is intended for end users to change their password<br>prompting for input if not specified on the command</td> |
|||
</tr> |
|||
<tr> |
|||
<td>19</td> |
|||
<td>vampire</td> |
<td>vampire</td> |
||
<td></td> |
<td></td> |
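Review bot: The `setpassword` and `password` rows list `<username> <password>` as required parameters, although both comments say the command prompts for input when it is not specified; a password passed as an argument ends up in shell history and is visible in the process list. Mark it optional as `<password?>`, the notation the newuser row already uses, and say in the comment that the prompt is the preferred way to supply it.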
Latest revision as of 18:32, 10 October 2011
This wiki page documents the current externals of the samba-tool command in the first table below and proposed externals to the samba-tool command in the second table below. The purpose of the proposed changes is to make the samba-tool command more consistent and easier to use. Additionally, help for command completion will be provided in a more consistent manner, again for usability.
Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-a8a6433
samba-tool current commands
| Ref Num | Subcommand | Description | Parameters | Command specific options | Net command |
| 1 | acl | get or set acls on a file | nt get <file> | --as-sddl --xattr-backend=native|tdb --eadb-file=<file> |  |
|  |  |  | nt set <file> | --quiet= --xattr-backend=native|tdb --eadb-file=<file> |  |
|  |  |  | ds set <file> | --host= --car=... --action=allow|deny --objectdn= --trusteedn= --sddl= --eadb-file=<file> |  |
| 2 | domainlevel | Raises domain and forest function level | show | -H --quiet --forest=2003|2008|2008_R2 --domain=2003|2008|2008_R2 |  |
|  |  |  | raise | -H --quiet --forest=2003|2008|2008_R2 --domain=2003|2008|2008_R2 |  |
| 3 | drs | various directory replication services | bind <dc> |  |  |
|  |  |  | kcc <dc> |  |  |
|  |  |  | replicate <dest_dc> <source_dc> <nc> | --add-ref --sync-force |  |
|  |  |  | showrepl <dc> |  |  |
| 4 | enableaccount | enable a user | <username> | --filter= |  |
| 5 | export | Dumps kerberos keys of the domain into a keytab | keytab <keytab> |  | net export keytab <keytab> |
| 6 | fsmo | Makes the target DC transfer or seize fsmo role (server connection needed); transfer: request the role from current owner; seize: take the role by force, current master is dead | show | --url --force --role=rid|pdc|infrastructure|schema|naming|all |  |
|  |  |  | transfer | --url --force --role=rid|pdc|infrastructure|schema|naming|all |  |
|  |  |  | seize | --url --force --role=rid|pdc|infrastructure|schema|naming|all |  |
| 7 | group | Add or delete groups or add members to or remove members from a group | add <groupname> | -H --groupou= --group-type=Security|Distribution --description= --mail-address= --notest= |  |
|  |  |  | delete <groupname> | -H |  |
|  |  |  | addmembers <groupname> <listofmembers> | -H |  |
|  |  |  | removemembers <groupname> <listofmembers> | -H |  |
| 8 | gpo2 | List group policies | list <username> | -H |  |
|  |  |  | listall | -H |  |
| 9 | join | Join a domain as either a member or a backup domain controller (server connection required) | <dnsdomain> DC | --server= --site= |  |
|  |  |  | <dnsdomain> RODC | --server= --site= |  |
|  |  |  | <dnsdomain> MEMBER | --server= --site= |  |
| 10 | ldapcmp | compare two ldap databases | <url1> <url2> <context1?> <context2?> <context3?> | --two --quiet --verbose --sd --sort-aces --view --base --base2 --scope |  |
| 11 | machinepw | get machine PW out of SAM | <accountname> |  | net machinepw <accountname> |
| 12 | newuser | Create a new user | <username> <password?> | -H --must-change-at-next-login --use-username-as-cn --userou --surname --given-name --initials --profile-path --script-path --home-drive --home-directory --job-title --department --company --description --mail-address --internet-address --telephone-number --physical-delivery-office |  |
| 13 | pwsettings | Sets password settings | set | -H --quiet --complexity=on|off|default --store-plaintext=on|off|default --history-length= --min-pwd-length= --min-pwd-age= --max-pwd-age= |  |
|  |  |  | show |  |  |
| 14 | password | set or change password | set <username> <password> |  |  |
|  |  |  | change |  |  |
| 15 | setexpiry | Sets the expiration of a user account | <username> | -H --filter --days= --noexpiry |  |
| 16 | setpassword | set user password locally, need write access to ldb files | <username?> | -H --filter --newpassword --must-change-at-next-login |  |
| 17 | time | Retrieve the time on a remote server (server connection needed) | <servername?> |  | net time <servername> |
| 18 | user | create or delete a user | add <username> <password?> |  |  |
|  |  |  | delete <username> |  |  |
| 19 | vampire | Join and synchronise a remote AD domain to the local server (server connection needed) | domain |  |  |
General options are options that can be used on all commands and are as follows:
- Samba Options
  - list samba options here***
- Version Options
  - -V
  - --version
- Credential Options
  - list cred options***
Also possibly open for discussion are the formats of some of the global options. Changes that improve usability should be considered.
samba-tool proposal for command syntax changes
The proposed format for all new and existing functions of the samba-tool command is as follows. Where it makes sense and is possible, the command syntax will follow the format:
samba-tool <object> <action> <parameter(s)> <command specific options> <global options>
Also, help will be improved and made consistent.
- When the samba-tool command is issued without a subcommand, it will return a list of valid subcommands (it does this today)
- After each subcommand is entered, if more parameters are required a list of what comes next will be shown (sometimes does this today)
- If the command syntax is completely incorrect, will give the format of the subcommand (sometimes does this today)
- For each subcommand, help will be provided
- Error handling will be improved; more errors will be caught, with usable messages being issued where applicable
- Would a --verbose option make sense on all the commands? Consider when implementing (some commands have it today)
Ref num from previous table | Object | Action | Parameters | Specific Options | Global Options | Comments and Equivalent net command (samba 3) |
dbcheck | <DN> | should this be db <sp> check? | ||||
delegation | add-service | <accountname> | <principal> | Global options | ||
del-service | ||||||
for-any-protocol | on | off | |||||
for-any-service | ||||||
show | ||||||
2,5,9,11,13 | domain | level | show | global options | ||
raise | -H --quiet --forest --domain |
global options | ||||
join | <dnsdomain> DC|RODC|MEMBER | --server= --site= |
global options | |||
exportkeytab | <keytab> | global options | ||||
machinepassword | <accountname> | global options | ||||
passwordsettings | show | global options | ||||
set | -H --quiet --complexity=on|off|default --store-plaintext=on|off|default --history-length= --min-pwd-length= --min-pwd-age= --max-pwd-age= |
|||||
samba3upgrade | <samba3 smb conf> | global options | ||||
3 | drs | bind | <dc> | global options | ||
kcc | <dc> | global options | ||||
replicate | <dest_dc> <source_dc> <nc> | --add-ref --sync-force |
global options | |||
showrepl | <dc> | global options | ||||
options | <dc> | --dsa-option=+|-IS_GC | --dsa-option=+|-DISABLE_INBOUND_REPL --dsa-option=+|-DISABLE_OUTBOUND_REPL --dsa-option=+|-DISABLE_NTDSCONN_XLATE |
global options | |||
1 | dsacl | set | <file> | --objectdn=objectdn --car=control right --action=deny|allow --trusteedn=trustee-dn |
global options | Could combine set and nt into one action setnt |
6 | fsmo | show | --url= --force --role=rid|pdc|infrastructure|schema|naming|all |
global options | ||
transfer | ||||||
seize | ||||||
8 | gpo | list | -H | global options | ||
listall | -H | global options | ||||
7 | group | create | <groupname> | -H --groupou= --group-type=Security|Distribution --description= --mail-address= --notest= |
global options | Change "add" to create; more exact now that we have create/delete and addmembers/removemembers |
delete | <groupname> | -H | global options | |||
addmembers | <groupname> <listofmembers> | -H | global options | |||
removemembers | <groupname> <listofmembers> | -H | global options | |||
10 | ldap | compare | <url1> <url2> <context1?> <context2?> <context3?> |
--two --quiet --verbose --sd --sort-aces --view --base --base2 --scope |
global options | Change to split into ldap compare. Not done yet. |
1 | ntacl | get | <file> | --as-sddl --xattr-backend=native|tdb --eadb-file=file |
global options | |
set | <file> | --xattr-backend=native|tdb --eadb-file=file |
global options | |||
rodc | preload | <SID> | <DN> | <accountname> | global options | |||
spn | add | <name> | <user> | global options | ||
delete | ||||||
list | <user> | |||||
testparm | global options | Prompts for file name, inconsistent...? | ||||
17 | time | <servername?> | global options | |||
4,12,14,15 | user | create | <username> | -h,--help -H URL,--URL=URL --must-change-at-next-login etc... |
global options | Changing add to create. The help on this command already says "add - create a new user". Create makes more sense; add sounds like it already exists and adding it to a group, for instance opposite of removemembers is addmembers. Does this need to support all options supported in the GUI on the Windows side? |
delete | <username> | global options | ||||
setexpiry | <username> | -H help | global options | this used to be setexpiry username command | ||
--days=int | ||||||
--filter=str | ||||||
--noexpiry | This might be confusing: --noexpiry changes the password setting to "Never expires". There is also an account "Never expires" setting, which is what I thought this was. The reason I thought this is because the setexpiry --days command sets the account expiration, not the password expiration. --filter needs additional doc. The format is --filter=samaccountname=<username>. Also, my understanding is the sam is internal and should not be on the command. Possibly this parameter should change, as samaccountname is an internal concept, not to be used for an external of a command. Comments? Also, I haven't yet figured out the format for the second filter parameter, something like accountexpires=xx (except that's not it!) |
|||||
enable | <username?> | -H help | global options | This used to be the enableaccount username command. Do we need a disableaccount as well? Seems like it should be easy enough to implement. --filter needs additional doc. The format is --filter=samaccountname=<username>. Also, my understanding is the sam is internal and should not be on the command. Possibly this parameter should change, as samaccountname is an internal concept, not to be used for an external of a command. |
||
--filter=str | ||||||
setpassword | <username> <password> | -H --filter= --must-change-at-next-login |
global options | This command combines samba-tool setpassword and samba-tool password set. This password command is intended for admins to set passwords for end users. Usually requires admin password for authority. Prompts for input if not specified on the command. |
||
password | <username> <password> | global options | This command is intended for end users to change their password, prompting for input if not specified on the command. |
|||
19 | vampire | domain | global options | Keep as vampire command for usability / historical purposes. Do not change to object action format. |
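The comments on user setexpiry and user enable give the option format as --filter=samaccountname=<username>. As an added example (not part of the original page and not samba-tool's own code), the Python below builds that value and the matching argument list for the proposed "user setexpiry" form, escaping the name per RFC 4515 so that characters such as * or ( in an account name cannot change which entries the filter selects. It assumes the --filter value is interpreted as an LDAP search filter; the function names and sample usernames are constructed for illustration.

```python
import shlex

# Byte values RFC 4515 requires to be escaped inside a filter assertion value.
_MUST_ESCAPE = {0x00, 0x28, 0x29, 0x2A, 0x5C}  # NUL ( ) * backslash


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in _MUST_ESCAPE or byte >= 0x80:
            out.append("\\%02x" % byte)  # backslash followed by two hex digits
        else:
            out.append(chr(byte))
    return "".join(out)


def account_filter(username: str) -> str:
    """Value for --filter in the format the page gives: samaccountname=<username>."""
    if not username:
        raise ValueError("empty username would produce a filter with no value")
    return "samaccountname=" + escape_filter_value(username)


def setexpiry_argv(username: str, days: int) -> list:
    """Argument list for the proposed 'user setexpiry' form, selecting by filter."""
    if days < 0:
        raise ValueError("days must be non-negative")
    # Assumption: options follow <object> <action>, as in the proposed syntax.
    return ["samba-tool", "user", "setexpiry",
            "--filter=" + account_filter(username), "--days=%d" % days]


if __name__ == "__main__":
    # Constructed sample names, not taken from the page.
    for name in ["alice", "svc*", "ops(test)", "a\\b", "j\u00fcrgen"]:
        argv = setexpiry_argv(name, 30)
        # shlex.join shows how the list would be quoted if typed into a shell;
        # passing the list itself to subprocess.run avoids shell parsing.
        print(shlex.join(argv))
```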