Samba-tool-external: Difference between revisions

From SambaWiki
mNo edit summary
mNo edit summary
Line 25: Line 25:
<td>'''Command specific options'''</td>
<td>'''Command specific options'''</td>
<td>'''General options'''</td>
<td>'''General options'''</td>
<td>'''Comments'''</td>
</tr>
</tr>
<tr>
<tr>
Line 33: Line 32:
<td>--as-sddl<br>--xattr\-backend=native|tdb<br>--eadb-file=<file></td>
<td>--as-sddl<br>--xattr\-backend=native|tdb<br>--eadb-file=<file></td>
<td>general options</td>
<td>general options</td>
<td></td>
</tr>
</tr>
<tr>
<tr>
Line 39: Line 37:
<td>--quiet=<br>--xattr-backend=native|tdb<br>--eadb-file=<file></td>
<td>--quiet=<br>--xattr-backend=native|tdb<br>--eadb-file=<file></td>
<td>general options</td>
<td>general options</td>
<td></td>
</tr>
</tr>
<tr>
<tr>
Line 45: Line 42:
<td>--host=<br>--car=...<br>--action=allow|deny<br>--objectdn=<br>--trusteedn=<br>--sddl=<br>--eadb-file=<file></td>
<td>--host=<br>--car=...<br>--action=allow|deny<br>--objectdn=<br>--trusteedn=<br>--sddl=<br>--eadb-file=<file></td>
<td>general options</td>
<td>general options</td>
<td></td>
</tr>
</tr>
<tr>
<tr>
Line 53: Line 49:
<td></td>
<td></td>
<td>add options</td>
<td>add options</td>
<td></td>
</tr>
</tr>
<tr>
<tr>
Line 61: Line 56:
<td></td>
<td></td>
<td>add options</td>
<td>add options</td>
<td></td>
</tr>
</tr>
<tr>
<tr>
Line 69: Line 63:
<td>username</td>
<td>username</td>
<td></td>
<td></td>
<td>Change to '''user enableaccount'''<br>to be consistent with object action<br>combine with samba-tool user</td>
</tr>
</tr>
<tr>
<tr>
Line 77: Line 70:
<td></td>
<td></td>
<td></td>
<td></td>
<td>Change to '''keytab export'''?<br>to be consistent with object action</td>
</tr>
</tr>
<tr>
<tr>
Line 85: Line 77:
<td></td>
<td></td>
<td>Add options</td>
<td>Add options</td>
<td></td>
</tr>
</tr>
<tr>
<tr>
Line 91: Line 82:
<td>Add or delete groups or add members to or remove members from a group</td>
<td>Add or delete groups or add members to or remove members from a group</td>
<td>add,delete,addmembers,removemembers</td>
<td>add,delete,addmembers,removemembers</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
Line 99: Line 89:
<td>List group policies</td>
<td>List group policies</td>
<td>list, listall</td>
<td>list, listall</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
Line 109: Line 98:
<td></td>
<td></td>
<td>add options</td>
<td>add options</td>
<td>Change command to DOMAIN [JOINDC JOINRODC, JOINMEMBER, options]<br>consistent with object action format.<br>what is the object<br>maybe keep as samba-tool join with implicit object?</td>
</tr>
</tr>
<tr>
<tr>
Line 117: Line 105:
<td></td>
<td></td>
<td>add options</td>
<td>add options</td>
<td>Change to split into ldap compare.</td>
</tr>
</tr>
<tr>
<tr>
Line 125: Line 112:
<td></td>
<td></td>
<td></td>
<td></td>
<td>Change to '''password machine show'''?</td>
</tr>
</tr>
<tr>
<tr>
Line 133: Line 119:
<td></td>
<td></td>
<td></td>
<td></td>
<td>combine function with '''user create'''</td>
</tr>
</tr>
<tr>
<tr>
Line 149: Line 134:
<td>user</td>
<td>user</td>
<td></td>
<td></td>
<td>re-write into python<br>add machinepw to this command<br>password machine show?</tr>
</tr>
</tr>
<tr>
<tr>
Line 157: Line 141:
<td>[username]</td>
<td>[username]</td>
<td>add options</td>
<td>add options</td>
<td>Change to user setexpiry [username]?</td>
</tr>
</tr>
<tr>
<tr>
Line 165: Line 148:
<td></td>
<td></td>
<td></td>
<td></td>
<td>Use password command<br>combine both commands local and remote into one external</tr>
</tr>
</tr>
<tr>
<tr>
Line 173: Line 155:
<td>[server-name]</td>
<td>[server-name]</td>
<td></td>
<td></td>
<td>Change format</td>
</tr>
</tr>
<tr>
<tr>
Line 181: Line 162:
<td>create, delete</td>
<td>create, delete</td>
<td>options</td>
<td>options</td>
<td>Add enable, add setexpiry?</td>
</tr>
</tr>
<tr>
<tr>
Line 189: Line 169:
<td>domain</td>
<td>domain</td>
<td></td>
<td></td>
<td>hmmm...</td>
</tr>
</tr>
</table>
</table>

Revision as of 17:26, 28 April 2011

samba-tool

This wiki page will document the current externals of the samba-tool command with proposed changes to be made for consistency and usability.

The proposed format for all new / existing functions on the samba-tool command are as follows:

samba-tool <object> <action> <command specific options> <general options>

  • When the samba-tool command is issued without a subcommand, it will return a list of valid subcommands (it does this today)
  • After each subcommand is entered, if more parameters are required a list of what comes next will be shown (sometimes does this today)
  • If the command syntax is completely incorrect, will give the format of the subcommand (sometimes does this today)
  • For each subcommand, help will be provided
  • Error handling will be improved, more errors will be caught with useable messages being issued where applicable

Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-b12fbc2

samba-tool current commands:

Subcommand Description Parameters Command specific options General options
acl get or set acls on a file nt get <file> --as-sddl
--xattr\-backend=native|tdb
--eadb-file=<file>
general options
nt set <file> --quiet=
--xattr-backend=native|tdb
--eadb-file=<file>
general options
ds set <file> --host=
--car=...
--action=allow|deny
--objectdn=
--trusteedn=
--sddl=
--eadb-file=<file>
general options
domainlevel Raises domain and forest function level show or raise add options
drs various directory replication services bind, kcc, replicate, showrepl, options add options
enableaccount enable a user username
export Dumps kerberos keys of the domain into a keytab keytab
fsmo Makes the target DC transfer or seize fsmo role (server connection needed) show, transfer, seize Add options
group Add or delete groups or add members to or remove members from a group add,delete,addmembers,removemembers
gpo2 List group policies list, listall
join Join a domain as either a member or a backup domain controller (server connection required) dns domain add options
ldapcmp compare two ldap databases UR1L, URL2 add options
machinepw get machine PW out of SAM
newuser
pwsettings Sets password settings set, show
password set or change password, set, change user
setexpiry Sets the expiration of a user account [username] add options
setpassword set user password locally, need write access to ldb files
time Retrieve the time on a remote server (server connection needed) [server-name]
user create or delete a user create, delete options
vampire Join and synchronise a remote AD domain to the local server
(server connection needed)
domain

samba-tool proposal for command syntax changes

Command syntax will follow the format samba-tool <object> <action> parameter(s) <command specific options> <global options> unless otherwise indicated.

<td
Object Action Parameter(s) Specific Options Global Options Comments
acl get nt <file> --as-sddl
--xattr-backend=native|tdb
--eadb-file=file
global options Could combine get and nt into one action getnt
Of leave as get <space> nt for historical purposes
set nt <file> --xattr-backend=native|tdb
--eadb-file=file
global options Could combine set and nt into one action setnt
set ds <file> --objectdn=objectdn
--car=control right
--action=deny|allow
--trusteedn=trustee-dn
global options Could combine set and ds into one action setds
domainlevel show global options
raise -H
--quiet
--forest
--domain
global options
drs bind
kcc
replicate
showrepl
options
group add
delete
addmembers
removemembers
gpo2 list
listall
join dns domain add options global options What is the object being joined? server? machine?
fsmo show add options global options What is the object being shown?
domain controller? server? machine?
fsmo transfer add options global options What is the object?
fsmo seize add options global options What is the object?
export keytab add options global options What is the object?
ldap compare URL1, URL2 add options Change to split into ldap compare.
pwsettings show
set add parameters that can be set
password set user
change user
time server-name Change format? add an optional action: show ?
user create username global options Changing add to create, can / should make an alias?
The help on this command already says add - create a new user
create makes more sense, add sounds like it already exists and adding it to a group, for instance
opposite of removemembers is addmembers
delete username global options
setexpiry username -H help global options this used to be setexpiry username command
--days=int
--filter=str
--noexpiry
enableaccount username -H help global options this used to be enableaccount username command
--filter=str
vampire domain global options Keep as vampire command for usability / historical purposes
Do not change to object action format