Samba-tool-external
From SambaWiki
samba-tool
This wiki page will document the current externals of the samba-tool command with proposed changes to be made for consistency and usability.
The proposed format for all new and existing functions of the samba-tool command is as follows:
samba-tool <object> <action> <command specific options> <general options>
- When the samba-tool command is issued without a subcommand, it will return a list of valid subcommands (it does this today)
- After each subcommand is entered, if more parameters are required a list of what comes next will be shown (sometimes does this today)
- If the command syntax is completely incorrect, the command will give the format of the subcommand (sometimes does this today)
- For each subcommand, help will be provided
- Error handling will be improved: more errors will be caught, with usable messages being issued where applicable
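The dispatch behaviour listed above, sketched in Python as an added example that is not samba-tool's own code. The command table is a constructed subset of the commands on this page; the alias handling, the message wording and the `--help` handling are assumptions, and `vampire` is kept outside the object/action format as proposed further down.

```python
# Added illustration, not samba-tool source code. The command table is a
# constructed subset of the rows proposed on this page.
COMMANDS = {
    "user": {"create": "create a user", "delete": "delete a user"},
    "group": {"add": "add a group", "delete": "delete a group",
              "addmembers": "add members to a group",
              "removemembers": "remove members from a group"},
    "pwsettings": {"show": "show password settings",
                   "set": "set password settings"},
}
# Assumption: the old spelling stays usable as an alias after the rename.
ALIASES = {("user", "add"): "create"}
# Commands the proposal keeps outside the <object> <action> format.
LEGACY = {"vampire": "<domain>"}


def dispatch(argv):
    """Resolve argv (without the program name) to (exit_code, text)."""
    if not argv:
        # No subcommand: list the valid ones.
        names = sorted(list(COMMANDS) + list(LEGACY))
        return 1, "Valid subcommands: " + ", ".join(names)
    obj, rest = argv[0], argv[1:]
    if obj in LEGACY:
        if not rest:
            return 1, f"Usage: samba-tool {obj} {LEGACY[obj]}"
        return 0, " ".join([obj] + rest)
    if obj not in COMMANDS:
        return 1, f"Unknown subcommand: {obj}"
    actions = COMMANDS[obj]
    choices = ", ".join(sorted(actions))
    if not rest:
        # Object without an action: show what comes next.
        return 1, f"Usage: samba-tool {obj} <action>; valid actions: {choices}"
    action = ALIASES.get((obj, rest[0]), rest[0])
    if action not in actions:
        return 1, f"Unknown action '{rest[0]}' for {obj}; valid actions: {choices}"
    if "--help" in rest[1:]:
        return 0, f"{obj} {action}: {actions[action]}"
    # A real tool would now parse options and run the command.
    return 0, " ".join([obj, action] + rest[1:])


if __name__ == "__main__":
    for args in ([], ["user"], ["user", "add", "alice"], ["vampire"]):
        print(args, "->", dispatch(args))
```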
General options are options that can be used on all commands and are as follows:
- Samba Options
  - list samba options here
- Version Options
  - -V
  - --version
- Credential Options
  - list cred options
Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-b12fbc2
samba-tool current commands:
| Subcommand | Description | Parameters | Command specific options | General options |
|---|---|---|---|---|
| acl | get or set acls on a file | nt get <file> | --as-sddl --xattr-backend=native\|tdb --eadb-file=<file> | general options |
| | | nt set <file> | --quiet= --xattr-backend=native\|tdb --eadb-file=<file> | general options |
| | | ds set <file> | --host= --car=... --action=allow\|deny --objectdn= --trusteedn= --sddl= --eadb-file=<file> | general options |
| domainlevel | Raises domain and forest function level | show | -H --quiet --forest=2003\|2008\|2008_R2 --domain=2003\|2008\|2008_R2 | general options |
| | | raise | | |
| drs | various directory replication services | bind, kcc, replicate, showrepl, options | add options | |
| enableaccount | enable a user | username | | |
| export | Dumps kerberos keys of the domain into a keytab | keytab | | |
| fsmo | Makes the target DC transfer or seize fsmo role (server connection needed) | show, transfer, seize | Add options | |
| group | Add or delete groups or add members to or remove members from a group | add, delete, addmembers, removemembers | | |
| gpo2 | List group policies | list, listall | | |
| join | Join a domain as either a member or a backup domain controller (server connection required) | dns domain | add options | |
| ldapcmp | compare two ldap databases | URL1, URL2 | add options | |
| machinepw | get machine PW out of SAM | | | |
| newuser | | | | |
| pwsettings | Sets password settings | set, show | | |
| password | set or change password | set, change | user | |
| setexpiry | Sets the expiration of a user account | [username] | add options | |
| setpassword | set user password locally, need write access to ldb files | | | |
| time | Retrieve the time on a remote server (server connection needed) | [server-name] | | |
| user | create or delete a user | create, delete | options | |
| vampire | Join and synchronise a remote AD domain to the local server (server connection needed) | domain | | |
samba-tool proposal for command syntax changes
Command syntax will follow the format samba-tool <object> <action> parameter(s) <command specific options> <global options> unless otherwise indicated.
| Object | Action | Parameter(s) | Specific Options | Global Options | Comments |
|---|---|---|---|---|---|
| acl | get nt | <file> | --as-sddl --xattr-backend=native\|tdb --eadb-file=file | global options | Could combine get and nt into one action getnt. Or leave as get <space> nt for historical purposes |
| | set nt | <file> | --xattr-backend=native\|tdb --eadb-file=file | global options | Could combine set and nt into one action setnt |
| | set ds | <file> | --objectdn=objectdn --car=control right --action=deny\|allow --trusteedn=trustee-dn | global options | Could combine set and ds into one action setds |
| domainlevel | show | | | global options | |
| | raise | | -H --quiet --forest --domain | global options | |
| drs | bind | | | | |
| | kcc | | | | |
| | replicate | | | | |
| | showrepl | | | | |
| | options | | | | |
| group | add | | | | |
| | delete | | | | |
| | addmembers | | | | |
| | removemembers | | | | |
| gpo2 | list | | | | |
| | listall | | | | |
| join | | dns domain | add options | global options | What is the object being joined? server? machine? |
| fsmo show | | | add options | global options | What is the object being shown? domain controller? server? machine? |
| fsmo transfer | | | add options | global options | What is the object? |
| fsmo seize | | | add options | global options | What is the object? |
| export | | keytab | add options | global options | What is the object? |
| ldap | compare | URL1, URL2 | add options | | Change to split into ldap compare. |
| pwsettings | show | | | | |
| | set | add parameters that can be set | | | |
| password | set | user | | | |
| | change | user | | | |
| time | | server-name | | | Change format? add an optional action: show ? |
| user | create | username | | global options | Changing add to create, can / should make an alias? The help on this command already says "add - create a new user". create makes more sense; add sounds like it already exists and adding it to a group, for instance opposite of removemembers is addmembers |
| | delete | username | | global options | |
| setexpiry | | username | -H help | global options | this used to be setexpiry username command |
| | | | --days=int | | |
| | | | --filter=str | | |
| | | | --noexpiry | | |
| enableaccount | | username | -H help | global options | this used to be enableaccount username command |
| | | | --filter=str | | |
| vampire | | domain | | global options | Keep as vampire command for usability / historical purposes. Do not change to object action format |