Difference between revisions of "Samba-tool-external"

From SambaWiki
m
m
Line 249: Line 249:
 
<li>For each subcommand, help will be provided</li>
 
<li>For each subcommand, help will be provided</li>
 
<li>Error handling will be improved, more errors will be caught with useable messages being issued where applicable</li>
 
<li>Error handling will be improved, more errors will be caught with useable messages being issued where applicable</li>
  +
<li>Would a --verbose option make sense on all the commands? consider when implementing (some commands have it today)</li>
 
</ul>
 
</ul>
   
Line 392: Line 393:
 
<td rowspan="3">fsmo</td>
 
<td rowspan="3">fsmo</td>
 
<td>show</td>
 
<td>show</td>
<td></td>
+
<td rowspan="3"></td>
  +
<td rowspan="3">--url=<br>--force<br>--role=rid|pdc|infrastructure|schema|naming|all</td>
<td>add options</td>
 
<td>global options</td>
+
<td rowspan="3">global options</td>
 
<td></td>
 
<td></td>
 
</tr>
 
</tr>
 
<tr>
 
<tr>
 
<td>transfer</td>
 
<td>transfer</td>
<td></td>
 
<td>add options</td>
 
<td>global options</td>
 
<td>What is the object?</td>
 
 
</tr>
 
</tr>
 
<tr>
 
<tr>
 
<td>seize</td>
 
<td>seize</td>
<td></td>
 
<td>add options</td>
 
<td>global options</td>
 
<td>What is the object?</td>
 
 
</tr>
 
</tr>
 
<tr>
 
<tr>
<td></td>
+
<td>keytab</td>
 
<td>export</td>
 
<td>export</td>
<td>keytab</td>
+
<td><keytab></td>
 
<td>add options</td>
 
<td>add options</td>
 
<td>global options</td>
 
<td>global options</td>
Line 421: Line 414:
 
<td>ldap</td>
 
<td>ldap</td>
 
<td>compare</td>
 
<td>compare</td>
  +
<td><url1> <url2> <br><context1?><br><context2?><br>context3?></td>
<td>URL1, URL2</td>
 
  +
<td>--two<br>--quiet<br>--verbose<br>--sd<br>--sort-aces<br>--view<br>--base<br>--base2<br>--scope</td>
<td>add options</td>
 
<td></td>
+
<td>global options</td>
 
<td>Change to split into ldap compare.</td>
 
<td>Change to split into ldap compare.</td>
 
</tr>
 
</tr>
Line 429: Line 422:
 
<td rowspan="2">pwsettings</td>
 
<td rowspan="2">pwsettings</td>
 
<td>show</td>
 
<td>show</td>
 
<td rowspan="2"></td>
 
<td></td>
 
<td></td>
<td></td>
+
<td rowspan="2">global options</td>
<td></td>
+
<td rowspan="2"></td>
<td></td>
 
 
</tr>
 
</tr>
 
<tr>
 
<tr>
 
<td>set</td>
 
<td>set</td>
  +
<td>-H<br>--quiet<br>--complexity=on|off|default<br>--store-plaintext=on|off|default<br>--history-length=<br>--min-pwd-length=<br>--min-pwd-age=<br>--max-pwd-age=</td>
<td>add parameters that can be set</td>
 
<td></td>
 
<td></td>
 
<td></td>
 
 
</tr>
 
</tr>
 
<tr>
 
<tr>

Revision as of 20:29, 3 May 2011

This wiki page documents the current externals of the samba-tool command in the first table below and proposed externals to the samba-tool command in the second table below. The purpose of the proposed changes is to make the samba-tool command more consistent and easier to use. Additionally, help for command completion will be provided in a more consistent manner, again for usability.

Current commands listed in __init__.py in samba 4 Version 4.0.0alpha15-GIT-a8a6433

samba-tool current commands

samba-tool current commands
Subcommand Description Parameters Command specific options Net command
acl get or set acls on a file nt get <file> --as-sddl
--xattr\-backend=native|tdb
--eadb-file=<file>
nt set <file> --quiet=
--xattr-backend=native|tdb
--eadb-file=<file>
ds set <file> --host=
--car=...
--action=allow|deny
--objectdn=
--trusteedn=
--sddl=
--eadb-file=<file>
domainlevel Raises domain and forest function level show -H
--quiet
--forest=2003|2008|2008_R2
--domain=2003|2008|2008_R2
raise
drs various directory replication services bind <dc>
kcc <dc>
replicate <dest_dc> <source_dc> <nc> --add-ref
--sync-force
showrepl <dc>
enableaccount enable a user <username> --filter=
export Dumps kerberos keys of the domain into a keytab keytab <keytab> net export keytab <keytab>
fsmo Makes the target DC transfer or seize fsmo role (server connection needed)
transfer: request the role from current owner
seize: take the role by force, current master is dead
show --url
--force
--role=rid|pdc|infrastructure|schema|naming|all
transfer --url
--force
--role=rid|pdc|infrastructure|schema|naming|all
seize --url
--force
--role=rid|pdc|infrastructure|schema|naming|all
group Add or delete groups or add members to or remove members from a group add <groupname> -H
--groupou=
--group-type=Security|Distribution
--description=
--mail-address=
--notest=
delete <groupname> -H
addmembers <groupname> <listofmembers> -H
removemembers <groupname> <listofmembers> -H
gpo2 List group policies list <username> -H
listall
join Join a domain as either a member or a backup domain controller
(server connection required)
<dnsdomain> DC --server=
--site=
<dnsdomain> RODC
<dnsdomain> MEMBER
ldapcmp compare two ldap databases <url1> <url2> <context1?> <context2?> <context3?> --two
--quiet
--verbose
--sd
--sort-aces
--view
--base
--base2
--scope
machinepw get machine PW out of SAM <accountname> net machinepw <accountname>
newuser Create a new user <username> <password?> -H
--must-change-at_next-login
--user-username-as-cn<br.--userou
--surname
--given-name
--initials
--profile-path
--script-path
--home-drive
--home-directory
--job-title
--department
--company
--description
--mail-address
--internet-address
--telephone-number
--physical-delivery-office
pwsettings Sets password settings set -H
--quiet
--complexity=on|off|default
--store-plaintext=on|off|default
--history-length=
--min-pwd-length=
--min-pwd-age=
--max-pwd-age=
show
password set or change password, set <username> <password>
change
setexpiry Sets the expiration of a user account <username> -H
--filter
--days=
--noexpiry
setpassword set user password locally, need write access to ldb files <username?> -H
--filter
--newpassword
--must-change-at-next-login
time Retrieve the time on a remote server (server connection needed) <servername?> net time <servername>
user create or delete a user add <username> <password?>
delete <username>
vampire Join and synchronise a remote AD domain to the local server
(server connection needed)
domain

General options are options that can be used on all commands and are as follows:

  • Samba Options
    • list samba options here***
  • Version Options
    • -V
    • --version
  • Credential Options
    • list cred options***

Also possibly open for discussion is the formats of some of the global options. Improvements for improved usability should be considered.


samba-tool proposal for command syntax changes

The proposed format for all new / existing functions on the samba-tool command are as follows: Where is makes sense and is possible, the command syntax will follow the format: samba-tool <object> <action> <parameter(s)> <command specific options> <global options>

Also, help will be improved and made consistent.

  • When the samba-tool command is issued without a subcommand, it will return a list of valid subcommands (it does this today)
  • After each subcommand is entered, if more parameters are required a list of what comes next will be shown (sometimes does this today)
  • If the command syntax is completely incorrect, will give the format of the subcommand (sometimes does this today)
  • For each subcommand, help will be provided
  • Error handling will be improved, more errors will be caught with useable messages being issued where applicable
  • Would a --verbose option make sense on all the commands? consider when implementing (some commands have it today)
samba-tool command proposed syntax changes
Object Action Parameters Specific Options Global Options Comments and Equivalent net command (samba 3)
acl get nt <file> --as-sddl
--xattr-backend=native|tdb
--eadb-file=file
global options Could combine get and nt into one action getnt
Of leave as get <space> nt for historical purposes
set nt <file> --xattr-backend=native|tdb
--eadb-file=file
global options Could combine set and nt into one action setnt
set ds <file> --objectdn=objectdn
--car=control right
--action=deny|allow
--trusteedn=trustee-dn
global options Could combine set and ds into one action setds
domainlevel show global options
raise -H
--quiet
--forest
--domain
global options
drs bind <dc> global options
kcc <dc> global options
replicate <dest_dc> <source_dc> <nc> --add-ref
--sync-force
global options
showrepl <dc> global options
options <dc> --dsa-option=+|-IS_GC |
--dsa-option=+|-DISABLE_INBOUND_REPL
--dsa-option=+|-DISABLE_OUTBOUND_REPL
--dsa-option=+|-DISABLE_NTDSCONN_XLATE
global options
group add <groupname> -H
--groupou=
--group-type=Security|Distribution
--description=
--mail-address=
--notest=
global options
delete <groupname> -H global options
addmembers <groupname> <listofmembers> -H global options
removemembers <groupname> <listofmembers> -H global options
gpo list -H global options
listall -H global options
DC join <dnsdomain> --server=
--site=
--mode=R0|<none,default>
global options An alternative is to keep join <dnsdomain> DC|RODC|MEMBER
MEMBER --server=
--site=
fsmo show --url=
--force
--role=rid|pdc|infrastructure|schema|naming|all
global options
transfer
seize
keytab export <keytab> add options global options What is the object?
ldap compare <url1> <url2>
<context1?>
<context2?>
context3?>
--two
--quiet
--verbose
--sd
--sort-aces
--view
--base
--base2
--scope
global options Change to split into ldap compare.
pwsettings show global options
set -H
--quiet
--complexity=on|off|default
--store-plaintext=on|off|default
--history-length=
--min-pwd-length=
--min-pwd-age=
--max-pwd-age=
password set user
change user
time server-name Change format? add an optional action: show ?
user create username global options Changing add to create, can / should make an alias?
The help on this command already says add - create a new user
create makes more sense, add sounds like it already exists and adding it to a group, for instance
opposite of removemembers is addmembers
delete username global options
setexpiry username -H help global options this used to be setexpiry username command
--days=int
--filter=str
--noexpiry
enableaccount username -H help global options this used to be enableaccount username command
--filter=str
vampire domain global options Keep as vampire command for usability / historical purposes
Do not change to object action format