Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
International Rescue Committe

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 67 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

smbpasswd



SYNOPSIS

       When run by root:

       smbpasswd [ options ]  [ username ]  [ password ]

       otherwise:

       smbpasswd [ options ]  [ password ]


DESCRIPTION

       This tool is part of the  Samba suite.

       The  smbpasswd  program  has  several different functions,
       depending on whether it is run by the root  user  or  not.
       When run as a normal user it allows the user to change the
       password used for their SMB sessions on any machines  that
       store SMB passwords.

       By default (when run with no arguments) it will attempt to
       change the  current  user's  SMB  password  on  the  local
       machine.  This is similar to the way the passwd(1) program
       works.  smbpasswd differs  from  how  the  passwd  program
       works however in that it is not setuid root but works in a
       client-server mode and communicates with a locally running
       smbd(8). As a consequence in order for this to succeed the
       smbd daemon must be running on the  local  machine.  On  a
       UNIX  machine  the  encrypted  SMB  passwords  are usually
       stored in the smbpasswd(5) file.

       When run by an ordinary user with  no  options.  smbpasswd
       will  prompt  them for their old SMB password and then ask
       them for their new password twice, to ensure that the  new
       password  was typed correctly. No passwords will be echoed
       on the screen whilst being typed. If you have a blank  SMB
       password  (specified  by  the  string "NO PASSWORD" in the
       smbpasswd file) then just press the <Enter> key when asked
       for your old password.

       smbpasswd  can  also  be  used  by a normal user to change
       their SMB password on remote machines, such as Windows  NT
       Primary  Domain  Controllers.  See the (-r) and -U options
       below.

       When run by root, smbpasswd allows new users to  be  added
       and  deleted  in  the  smbpasswd  file,  as well as allows
       changes to the attributes of the user in this file  to  be
       made.  When run by root, smbpasswd accesses the local smb­
       passwd file directly, thus enabling  changes  to  be  made
       even if smbd is not running.

       smbpasswd can also be used to retrieve the SIDs related to
       previous incarnations of this server on the same  machine,

       -h     This option prints the help string for smbpasswd.

       -c smb.conf file
              This  option  specifies that the configuration file
              specified should be used  instead  of  the  default
              value specified at compile time.

       -D debuglevel
              debuglevel  is an integer from 0 to 10. The default
              value if this parameter is not specified is zero.

              The higher this value,  the  more  detail  will  be
              logged  to  the  log  files about the activities of
              smbpasswd. At level 0,  only  critical  errors  and
              serious warnings will be logged.

              Levels  above  1 will generate considerable amounts
              of log data, and should only be used when  investi­
              gating  a  problem. Levels above 3 are designed for
              use only by developers and generate HUGE amounts of
              log data, most of which is extremely cryptic.

       -r remote machine name
              This  option  allows a user to specify what machine
              they wish to change their password on. Without this
              parameter smbpasswd defaults to the local host. The
              remote machine name is  the  NetBIOS  name  of  the
              SMB/CIFS  server to contact to attempt the password
              change. This name is resolved into  an  IP  address
              using the standard name resolution mechanism in all
              programs of  the  Samba  suite.  See  the  -R  name
              resolve  order  parameter  for  details on changing
              this resolving mechanism.

              The username whose password is changed is  that  of
              the  current  UNIX logged on user. See the -U user­
              name parameter for details on changing the password
              for a different username.

              Note  that if changing a Windows NT Domain password
              the remote machine specified must  be  the  Primary
              Domain  Controller  for  the  domain (Backup Domain
              Controllers only have a read-only copy of the  user
              account  database  and  will not allow the password
              change).

              Note that Windows 95/98 do not have a real password
              database  so it is not possible to change passwords
              specifying a Win95/98  machine  as  remote  machine
              target.


              The -r options can be used as well  to  indicate  a
              specific  domain  controller  which  should be con­
              tacted. In this case, the domain  SID  obtained  is
              the  one for the domain to which the remote machine
              belongs.

       -t     This option is used to force  smbpasswd  to  change
              the  current password assigned to the machine trust
              account when operating  in  domain  security  mode.
              This  is  really  meant  to be used on systems that
              only run winbindd Under server installations,  smbd
              handle the password updates automatically.

       -U username[%pass]
              This  option  may  only be used in conjunction with
              the -r option. When changing a password on a remote
              machine it allows the user to specify the user name
              on that machine whose password will be changed.  It
              is  present  to allow users who have different user
              names on different systems to  change  these  pass­
              words. The optional %pass may be used to specify to
              old password.

              In particular, this parameter specifies  the  user­
              name  used  to  create  the  machine  account  when
              invoked with -j

       -W S-1-5-21-x-y-z
              This option forces the SID S-1-5-21-x-y-z to be the
              server and domain SID for the current Samba server.
              It does this by updating the  appropriate  keys  in
              the secrets file.

       -X server|domain
              This  option  allows  the admin to retrieve the SID
              associated with a former servername or domain  name
              that  this  Samba  server  might have used. It does
              this by retrieving the appropriate entry  from  the
              secrets file.

       NOTE:  The  following  options are available only when the
              smbpasswd command is run as root or in local  mode.

       -a     This  option  specifies that the username following
              should be added to the local smbpasswd  file,  with
              the  new  password typed. This option is ignored if
              the username specified already exists in  the  smb­
              passwd file and it is treated like a regular change
              password command. Note that the user  to  be  added
              must  already  exist  in  the  system password file
              (usually /etc/passwd) else the request to  add  the
              passwd(5) for details on the 'old' and new password
              file formats.

       -e     This option specifies that the  username  following
              should  be  enabled in the local smbpasswd file, if
              the account was previously disabled. If the account
              was  not  disabled  this option has no effect. Once
              the account is enabled then the user will  be  able
              to authenticate via SMB once again.

              If  the smbpasswd file is in the 'old' format, then
              smbpasswd will prompt for a new password  for  this
              user,  otherwise  the  account  will  be enabled by
              removing the 'D' flag from account control space in
              the   smbpasswd file. See smbpasswd (5) for details
              on the 'old' and new password file formats.

       -m     This option tells smbpasswd that the account  being
              changed  is  a  MACHINE  account. Currently this is
              used when Samba is being  used  as  an  NT  Primary
              Domain Controller.

       -n     This  option  specifies that the username following
              should have their password  set  to  null  (i.e.  a
              blank  password)  in the local smbpasswd file. This
              is done by writing the string "NO PASSWORD" as  the
              first part of the first password stored in the smb­
              passwd file.

              Note that to allow users to logon to a Samba server
              once  the password has been set to "NO PASSWORD" in
              the smbpasswd file the administrator must  set  the
              following  parameter in the [global] section of the
              smb.conf file :

              null passwords = yes

       -w password
              This parameter is only available is Samba has  been
              configured  to  use the experimental --with-ldapsam
              option. The -w switch is used to specify the  pass­
              word  to  be  used with the ldap admin dn Note that
              the password is stored in  the  private/secrets.tdb
              and is keyed off of the admin's DN. This means that
              if the value of ldap admin  dn  ever  changes,  the
              password  will need to be manually updated as well.

       -x     This option specifies that the  username  following
              should be deleted from the local smbpasswd file.

       -j DOMAIN
              This  option  is  used to add a Samba server into a
              Alternately, if -U is omitted, Samba  will  contact
              its  PDC  and  attempt  to change the password on a
              pre-existing account.

              In order to be used in this way, the  Administrator
              for  the  Windows NT Domain must have used the pro­
              gram "Server Manager for Domains" to add  the  pri­
              mary  NetBIOS  name of the Samba server as a member
              of the Domain.

              After this has been done, to join the Domain invoke
              smbpasswd  with this parameter. smbpasswd will then
              look up  the  Primary  Domain  Controller  for  the
              Domain (found in the smb.conf file in the parameter
              password server  and  change  the  machine  account
              password  used to create the secure Domain communi­
              cation.

              Either way, this password is then  stored  by  smb­
              passwd  in  a  TDB,  writeable only by root, called
              secrets.tdb

              Once  this  operation  has   been   performed   the
              smb.conf file may be updated to set the  security =
              domain option and all future logins  to  the  Samba
              server will be authenticated to the Windows NT PDC.

              Note that even though the authentication  is  being
              done  to  the  PDC  all  users  accessing the Samba
              server must still have a valid UNIX account on that
              machine.   The  winbindd(8)  daemon  can be used to
              create UNIX accounts for NT users.

       -R name resolve order
              This option allows the user of smbpasswd to  deter­
              mine  what  name  resolution  services  to use when
              looking up the NetBIOS name of the host being  con­
              nected to.

              The  options  are  :"lmhosts",  "host",  "wins" and
              "bcast". They cause names to be resolved as follows
              :

              · lmhosts  :  Lookup  an  IP  address  in the Samba
                lmhosts file. If the line in lmhosts has no  name
                type  attached  to  the  NetBIOS  name  (see  the
                lmhosts(5)  for  details)  then  any  name   type
                matches for lookup.

              · host : Do a standard host name to IP address res­
                olution, using the system /etc/hosts  ,  NIS,  or
                DNS  lookups.  This  method of name resolution is
                methods as it depends on the target host being on
                a locally connected subnet.

       The  default order is lmhosts, host, wins, bcast and with­
       out this parameter or any entry in the smb.conf  file  the
       name resolution methods will be attempted in this order.

       username
              This  specifies  the  username  for all of the root
              only options to operate on. Only root  can  specify
              this  parameter  as  only  root  has the permission
              needed to modify attributes directly in  the  local
              smbpasswd file.

       password
              This  specifies the new password. If this parameter
              is specified you will not be prompted for  the  new
              password.


NOTES

       Since  smbpasswd works in client-server mode communicating
       with a local smbd for a non-root user then the smbd daemon
       must  be  running for this to work. A common problem is to
       add a restriction to the hosts that may access  the   smbd
       running  on  the local machine by specifying a allow hosts
       or deny hosts entry in the smb.conf file and neglecting to
       allow "localhost" access to the smbd.

       In addition, the smbpasswd command is only useful if Samba
       has been set up to use encrypted passwords. See  the  file
       ENCRYPTION.txt in the docs directory for details on how to
       do this.


VERSION

       This man page is correct for  version  2.2  of  the  Samba
       suite.


SEE ALSO

       smbpasswd(5) samba(7)


AUTHOR

       The  original  Samba  software  and related utilities were
       created by Andrew Tridgell. Samba is now developed by  the
       Samba  Team  as  an Open Source project similar to the way
       the Linux kernel is developed.

       The original Samba man pages were written  by  Karl  Auer.
       The  man  page  sources  were  converted  to  YODL  format
       (another excellent piece of Open Source  software,  avail­
       able           at          ftp://ftp.icce.rug.nl/pub/unix/
       <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the
  




Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
The Linux Tutorial can use your help.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds