NAME
net - Tool for administration of Samba and remote CIFS servers.
SYNOPSIS
nneett {} [-h] [-w workgroup] [-W myworkgroup] [-U user]
[-I ip-address] [-p port] [-n myname] [-s conffile] [-S server]
[-l] [-P] [-D debuglevel]
DESCRIPTION
This tool is part of the ssaammbbaa(7) suite.
The samba net utility is meant to work just like the net utility avail-
able for windows and DOS. The first argument should be used to specify
the protocol to use when executing a certain command. ADS is used for
ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can
be used for NT4 and Windows 2000. If this argument is omitted, net will
try to determine it automatically. Not all commands are available on
all protocols.
OOPPTTIIOONNSS
-h|-help
Print a summary of command line options.
-w target-workgroup
Sets target workgroup or domain. You have to specify either this
option or the IP address or the name of a server.
-W workgroup
Sets client workgroup or domain
-U user
User name to use
-I ip-address
IP address of target server to use. You have to specify either
this option or a target workgroup or a target server.
-p port
Port on the target server to connect to (usually 139 or 445).
Defaults to trying 445 first, then 139.
-n
This option allows you to override the NetBIOS name that Samba
uses for itself. This is identical to setting the netbios name
parameter in the smb.conf file. However, a command line setting
will take precedence over settings in smb.conf.
-s
The file specified contains the configuration details required
by the server. The information in this file includes server-spe-
cific information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide.
See smb.conf for more information. The default configuration
file name is determined at compile time.
-S server
Name of target server. You should specify either this option or
a target workgroup or a target IP address.
-l When listing data, give more information on each item.
-P Make queries to the external server using the machine account of
the local server.
-d|-debug=debuglevel
debuglevel is an integer from 0 to 10. The default value if this
parameter is not specified is zero.
The higher this value, the more detail will be logged to the log
files about the activities of the server. At level 0, only crit-
ical errors and serious warnings will be logged. Level 1 is a
reasonable level for day-to-day running - it generates a small
amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data,
and should only be used when investigating a problem. Levels
above 3 are designed for use only by developers and generate
HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override the log
level parameter in the smb.conf file.
CCOOMMMMAANNDDSS
CCHHAANNGGEESSEECCRREETTPPWW
This command allows the Samba machine account password to be set from
an external application to a machine account password that has already
been stored in Active Directory. DO NOT USE this command unless you
know exactly what you are doing. The use of this command requires that
the force flag (-f) be used also. There will be NO command prompt.
Whatever information is piped into stdin, either by typing at the com-
mand line or otherwise, will be stored as the literal machine password.
Do NOT use this without care and attention as it will overwrite a le-
gitimate machine password without warning. YOU HAVE BEEN WARNED.
TTIIMMEE
The NNEETT TTIIMMEE command allows you to view the time on a remote server or
synchronise the time on the local server with the time on the remote
server.
TTIIMMEE
Without any options, the NNEETT TTIIMMEE command displays the time on the re-
mote server.
TTIIMMEE SSYYSSTTEEMM
Displays the time on the remote server in a format ready for //bbiinn//ddaattee
TTIIMMEE SSEETT
Tries to set the date and time of the local server to that on the re-
mote server using //bbiinn//ddaattee.
TTIIMMEE ZZOONNEE
Displays the timezone in hours from GMT on the remote computer.
[[RRPPCC||AADDSS]] JJOOIINN [[TTYYPPEE]] [[-UU uusseerrnnaammee[[%%ppaasssswwoorrdd]]]] [[ooppttiioonnss]]
Join a domain. If the account already exists on the server, and [TYPE]
is MEMBER, the machine will attempt to join automatically. (Assuming
that the machine has been created in server manager) Otherwise, a pass-
word will be prompted for, and a new account may be created.
[TYPE] may be PDC, BDC or MEMBER to specify the type of server joining
the domain.
[[RRPPCC]] OOLLDDJJOOIINN [[ooppttiioonnss]]
Join a domain. Use the OLDJOIN option to join the domain using the old
style of domain joining - you need to create a trust account in server
manager first.
[[RRPPCC||AADDSS]] UUSSEERR
[[RRPPCC||AADDSS]] UUSSEERR
List all users
[[RRPPCC||AADDSS]] UUSSEERR DDEELLEETTEE ttaarrggeett
Delete specified user
[[RRPPCC||AADDSS]] UUSSEERR IINNFFOO ttaarrggeett
List the domain groups of a the specified user.
[[RRPPCC||AADDSS]] UUSSEERR AADDDD nnaammee [[ppaasssswwoorrdd]] [[-FF uusseerr ffllaaggss]] [[-CC ccoommmmeenntt]]
Add specified user.
[[RRPPCC||AADDSS]] GGRROOUUPP
[[RRPPCC||AADDSS]] GGRROOUUPP [[mmiisscc ooppttiioonnss]] [[ttaarrggeettss]]
List user groups.
[[RRPPCC||AADDSS]] GGRROOUUPP DDEELLEETTEE nnaammee [[mmiisscc.. ooppttiioonnss]]
Delete specified group.
[[RRPPCC||AADDSS]] GGRROOUUPP AADDDD nnaammee [[-CC ccoommmmeenntt]]
Create specified group.
[[RRAAPP||RRPPCC]] SSHHAARREE
[[RRAAPP||RRPPCC]] SSHHAARREE [[mmiisscc.. ooppttiioonnss]] [[ttaarrggeettss]]
Enumerates all exported resources (network shares) on target server.
[[RRAAPP||RRPPCC]] SSHHAARREE AADDDD nnaammee==sseerrvveerrppaatthh [[-CC ccoommmmeenntt]] [[-MM mmaaxxuusseerrss]] [[ttaarrggeettss]]
Adds a share from a server (makes the export active). Maxusers speci-
fies the number of users that can be connected to the share simultane-
ously.
SSHHAARREE DDEELLEETTEE sshhaarreennaamm
Delete specified share.
[[RRPPCC||RRAAPP]] FFIILLEE
[[RRPPCC||RRAAPP]] FFIILLEE
List all open files on remote server.
[[RRPPCC||RRAAPP]] FFIILLEE CCLLOOSSEE ffiilleeiidd
Close file with specified fileid on remote server.
[[RRPPCC||RRAAPP]] FFIILLEE IINNFFOO ffiilleeiidd
Print information on specified fileid. Currently listed are: file-id,
username, locks, path, permissions.
[[RRAAPP||RRPPCC]] FFIILLEE UUSSEERR
NNoottee
Currently NOT implemented.
SSEESSSSIIOONN
RRAAPP SSEESSSSIIOONN
Without any other options, SESSION enumerates all active SMB/CIFS ses-
sions on the target server.
RAP SESSION DELETE|CLOSE CLIENTNAME
Close the specified sessions.
RAP SESSION INFO CLIENTNAME
Give a list with all the open files in specified session.
RRAAPP SSEERRVVEERR DDOOMMAAIINN
List all servers in specified domain or workgroup. Defaults to local
domain.
RRAAPP DDOOMMAAIINN
Lists all domains and workgroups visible on the current network.
RRAAPP PPRRIINNTTQQ
RAP PRINTQ LIST QUEUENAME
Lists the specified print queue and print jobs on the server. If the
QUEUENAME is omitted, all queues are listed.
RRAAPP PPRRIINNTTQQ DDEELLEETTEE JJOOBBIIDD
Delete job with specified id.
RRAAPP VVAALLIIDDAATTEE uusseerr [[ppaasssswwoorrdd]]
Validate whether the specified user can log in to the remote server. If
the password is not specified on the commandline, it will be prompted.
NNoottee
Currently NOT implemented.
RRAAPP GGRROOUUPPMMEEMMBBEERR
RRAAPP GGRROOUUPPMMEEMMBBEERR LLIISSTT GGRROOUUPP
List all members of the specified group.
RRAAPP GGRROOUUPPMMEEMMBBEERR DDEELLEETTEE GGRROOUUPP UUSSEERR
Delete member from group.
RRAAPP GGRROOUUPPMMEEMMBBEERR AADDDD GGRROOUUPP UUSSEERR
Add member to group.
RRAAPP AADDMMIINN ccoommmmaanndd
Execute the specified command on the remote server. Only works with
OS/2 servers.
NNoottee
Currently NOT implemented.
RRAAPP SSEERRVVIICCEE
RAP SERVICE START NAME [arguments...]
Start the specified service on the remote server. Not implemented yet.
NNoottee
Currently NOT implemented.
RRAAPP SSEERRVVIICCEE SSTTOOPP
Stop the specified service on the remote server.
NNoottee
Currently NOT implemented.
RRAAPP PPAASSSSWWOORRDD UUSSEERR OOLLDDPPAASSSS NNEEWWPPAASSSS
Change password of USER from OLDPASS to NEWPASS.
LLOOOOKKUUPP
LOOKUP HOST HOSTNAME [TYPE]
Lookup the IP address of the given host with the specified type (net-
bios suffix). The type defaults to 0x20 (workstation).
LLOOOOKKUUPP LLDDAAPP [[DDOOMMAAIINN
Give IP address of LDAP server of specified DOMAIN. Defaults to local
domain.
LLOOOOKKUUPP KKDDCC [[RREEAALLMM]]
Give IP address of KDC for the specified REALM. Defaults to local
realm.
LLOOOOKKUUPP DDCC [[DDOOMMAAIINN]]
Give IP's of Domain Controllers for specified DOMAIN. Defaults to lo-
cal domain.
LLOOOOKKUUPP MMAASSTTEERR DDOOMMAAIINN
Give IP of master browser for specified DOMAIN or workgroup. Defaults
to local domain.
CCAACCHHEE
Samba uses a general caching interface called 'gencache'. It can be
controlled using 'NET CACHE'.
All the timeout parameters support the suffixes: s - Secondsm - Min-
utesh - Hoursd - Daysw - Weeks
CCAACCHHEE AADDDD kkeeyy ddaattaa ttiimmee-oouutt
Add specified key+data to the cache with the given timeout.
CCAACCHHEE DDEELL kkeeyy
Delete key from the cache.
CCAACCHHEE SSEETT kkeeyy ddaattaa ttiimmee-oouutt
Update data of existing cache entry.
CCAACCHHEE SSEEAARRCCHH PPAATTTTEERRNN
Search for the specified pattern in the cache data.
CCAACCHHEE LLIISSTT
List all current items in the cache.
CCAACCHHEE FFLLUUSSHH
Remove all the current items from the cache.
GGEETTLLOOCCAALLSSIIDD [[DDOOMMAAIINN]]
Print the SID of the specified domain, or if the parameter is omitted,
the SID of the domain the local server is in.
SSEETTLLOOCCAALLSSIIDD SS-11-55-2211-xx-yy-zz
Sets domain sid for the local server to the specified SID.
GGRROOUUPPMMAAPP
Manage the mappings between Windows group SIDs and UNIX groups. Parame-
ters take the for "parameter=value". Common options include:
+o unixgroup - Name of the UNIX group
+o ntgroup - Name of the Windows NT group (must be resolvable to a SID
+o rid - Unsigned 32-bit integer
+o sid - Full SID in the form of "S-1-..."
+o type - Type of the group; either 'domain', 'local', or 'builtin'
+o comment - Freeform text description of the group
GGRROOUUPPMMAAPP AADDDD
Add a new group mapping entry
net groupmap add {rid=int|sid=string} unixgroup=string [type={do-
main|local}] [ntgroup=string] [comment=string]
GGRROOUUPPMMAAPP DDEELLEETTEE
Delete a group mapping entry. If more then one group name matches, the
first entry found is deleted.
net groupmap delete {ntgroup=string|sid=SID}
GGRROOUUPPMMAAPP MMOODDIIFFYY
Update en existing group entry
net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [com-
ment=string] [type={domain|local}]
GGRROOUUPPMMAAPP LLIISSTT
List existing group mapping entries
net groupmap list [verbose] [ntgroup=string] [sid=SID]
MMAAXXRRIIDD
Prints out the highest RID currently in use on the local server (by the
active 'passdb backend').
RRPPCC IINNFFOO
Print information about the domain of the remote server, such as domain
name, domain sid and number of users and groups.
[[RRPPCC||AADDSS]] TTEESSTTJJOOIINN
Check whether participation in a domain is still valid.
[[RRPPCC||AADDSS]] CCHHAANNGGEETTRRUUSSTTPPWW
Force change of domain trust password.
RRPPCC TTRRUUSSTTDDOOMM
RRPPCC TTRRUUSSTTDDOOMM AADDDD DDOOMMAAIINN
Add a interdomain trust account for DOMAIN to the remote server.
RRPPCC TTRRUUSSTTDDOOMM DDEELL DDOOMMAAIIMM
Remove interdomain trust account for DOMAIN from the remote server.
NNoottee
Currently NOT implemented.
RRPPCC TTRRUUSSTTDDOOMM EESSTTAABBLLIISSHH DDOOMMAAIINN
Establish a trust relationship to a trusting domain. Interdomain ac-
count must already be created on the remote PDC.
RRPPCC TTRRUUSSTTDDOOMM RREEVVOOKKEE DDOOMMAAIINN
Abandon relationship to trusted domain
RRPPCC TTRRUUSSTTDDOOMM LLIISSTT
List all current interdomain trust relationships.
RRPPCC AABBOORRTTSSHHUUTTDDOOWWNN
Abort the shutdown of a remote server.
SSHHUUTTDDOOWWNN [[-tt ttiimmeeoouutt]] [[-rr]] [[-ff]] [[-CC mmeessssaaggee]]
Shut down the remote server.
-r Reboot after shutdown.
-f Force shutting down all applications.
-t timeout
Timeout before system will be shut down. An interactive user of
the system can use this time to cancel the shutdown.
-C message
Display the specified message on the screen to announce the
shutdown.
SSAAMMDDUUMMPP
Print out sam database of remote server. You need to run this on either
a BDC.
VVAAMMPPIIRREE
Export users, aliases and groups from remote server to local server.
Can only be run an a BDC.
GGEETTSSIIDD
Fetch domain SID and store it in the local secrets.tdb.
AADDSS LLEEAAVVEE
Make the remote host leave the domain it is part of.
AADDSS SSTTAATTUUSS
Print out status of machine account of the local machine in ADS. Prints
out quite some debug info. Aimed at developers, regular users should
use NNEETT AADDSS TTEESSTTJJOOIINN.
AADDSS PPRRIINNTTEERR
AADDSS PPRRIINNTTEERR IINNFFOO [[PPRRIINNTTEERR]] [[SSEERRVVEERR]]
Lookup info for PRINTER on SERVER. The printer name defaults to "*",
the server name defaults to the local host.
AADDSS PPRRIINNTTEERR PPUUBBLLIISSHH PPRRIINNTTEERR
Publish specified printer using ADS.
AADDSS PPRRIINNTTEERR RREEMMOOVVEE PPRRIINNTTEERR
Remove specified printer from ADS directory.
AADDSS SSEEAARRCCHH EEXXPPRREESSSSIIOONN AATTTTRRIIBBUUTTEESS......
Perform a raw LDAP search on a ADS server and dump the results. The ex-
pression is a standard LDAP search expression, and the attributes are a
list of LDAP fields to show in the results.
Example: nneett aaddss sseeaarrcchh ''((oobbjjeeccttCCaatteeggoorryy==ggrroouupp))'' ssAAMMAAccccoouunnttNNaammee
AADDSS DDNN DDNN ((aattttrriibbuutteess))
Perform a raw LDAP search on a ADS server and dump the results. The DN
standard LDAP DN, and the attributes are a list of LDAP fields to show
in the result.
Example: nneett aaddss ddnn ''CCNN==aaddmmiinniissttrraattoorr,,CCNN==UUsseerrss,,DDCC==mmyy,,DDCC==ddoommaaiinn'' SSAAMMAAcc-
ccoouunnttNNaammee
WWOORRKKGGRROOUUPP
Print out workgroup name for specified kerberos realm.
HHEELLPP [[CCOOMMMMAANNDD]]
Gives usage information for the specified command.
VVEERRSSIIOONN
This man page is complete for version 3.0 of the Samba suite.
AUTHOR The original Samba software and related utilities were created by An-
drew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.
The net manpage was written by Jelmer Vernooij.
NET(8)