The branch, master has been updated
       via  c1cac5967eb manpages:samba-tool: sort 'service-account' into place alphabetically
       via  2b09cc32d57 manpages: samba-tool gpo manage smb_conf list/set
       via  1319a21c94f pytests: samba_tool.help checks you updated the man page
       via  71061b7f16a pytest:samba-tool: .check_output() can set environment
       via  41ef18fe7ea manpages:samba-tool user sensitive
       via  192b871bca2 manpages:samba-tool user addunixattrs
       via  439e7c8acc1 manpages:samba-tool ntacl getdosinfo (stub)
       via  218926d8a0e manpages:samba-tool group addunixattrs
       via  aa30400622e manpages:samba-tool gpo restore typo
       via  05137ca07a7 manpages:samba-tool gpo manage security set
       via  bfa3ff6362f manpages:samba-tool gpo manage security list
       via  73bc0a406ce manpages:samba-tool: separate passwordsettings set/show
       via  fbc34719ad8 manpages:samba-tool: document -V,--version
       via  d481da327d5 manpages:samba-tool: document -H options
       via  7501bcd7b9a manpages:samba-tool --help is not man text
       via  a975f5c1805 manpages:samba-tool preamble for common options
       via  1f34e45b436 manpages: samba-tool gpo load
       via  48b2103a8cf manpages: samba-tool gpo cse register
       via  b1be087180b manpages: samba-tool cse list
       via  1bf60aa2ba2 manpages: samba-tool gpo backup
       via  2e77a148ddd manpages: samba-tool gpo admx load
       via  0ab86dd7ca7 python:getopt: hack to generate docbook stubs from --help
       via  7ec9973f022 manpages: samba-tool gpo aclcheck
       via  22d5d675a1d manpages: samba-tool drs uptodateness
       via  7183da7583d manpages: samba-tool drs clone-dc-database
       via  f778c883aba manpages:samba-tool domain tombstones expunge
       via  5f1894485f4 manpages: samba-tool domain: consistent sddl example
       via  6978e93896b manpages: samba-tool processes
       via  7f01b474b79 manpages: samba-tool domain schemaupgrade
       via  612cf9f01ae manpages: samba-tool kds root-key sub-options
       via  60ea6038472 manpages: samba-tool domain functionalprep
       via  4b5d66e2883 manpages: samba-tool dns zoneoptions
       via  786c77ff9e1 manpages: add samba-tool dns cleanup
       via  1c01a612680 manpages: add samba-tool delegation {add,del}-principal
      from  5e8f998efa5 pylibsmb: do not use obsolete PyEval_InitThreads() for Python > 3.6

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c1cac5967ebbedb4a5bb04c6c8e2abd6a5db1afb
Author: Douglas Bagnall <[email protected]>
Date:   Wed Mar 5 13:20:26 2025 +1300

    manpages:samba-tool: sort 'service-account' into place alphabetically
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>
    
    Autobuild-User(master): Douglas Bagnall <[email protected]>
    Autobuild-Date(master): Wed Mar 12 20:55:01 UTC 2025 on atb-devel-224

commit 2b09cc32d57b92664136c2082a0a889e2dddaf25
Author: Douglas Bagnall <[email protected]>
Date:   Wed Mar 5 12:28:45 2025 +1300

    manpages: samba-tool gpo manage smb_conf list/set
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 1319a21c94f4a22f756feb05c778bc41562c1a11
Author: Douglas Bagnall <[email protected]>
Date:   Thu Sep 15 16:14:49 2022 +1200

    pytests: samba_tool.help checks you updated the man page
    
    It tries to help by printing something that is a little bit like the
    correct DocBook text to insert.
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 71061b7f16a2900499753b671333e17aebdc08a1
Author: Douglas Bagnall <[email protected]>
Date:   Wed Mar 5 11:39:17 2025 +1300

    pytest:samba-tool: .check_output() can set environment
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 41ef18fe7eace58e7a526c5a342a67d8ddb4e11c
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:06:44 2025 +1300

    manpages:samba-tool user sensitive
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 192b871bca272a21cd40b28eacc5aa7123bac799
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:06:21 2025 +1300

    manpages:samba-tool user addunixattrs
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 439e7c8acc1fa62a9d847d68c94dc576ccacdaf7
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:03:43 2025 +1300

    manpages:samba-tool ntacl getdosinfo (stub)
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 218926d8a0eb9952135d9f5e2fe854f6bd902d7a
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:03:01 2025 +1300

    manpages:samba-tool group addunixattrs
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit aa30400622e89badead25fe52f236e486244ec87
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:02:26 2025 +1300

    manpages:samba-tool gpo restore typo
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 05137ca07a7c01e51e8dde3bbc9a02d72e3e3745
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:01:53 2025 +1300

    manpages:samba-tool gpo manage security set
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit bfa3ff6362f2b6000b3fb9299334c6ecb120c927
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 14:00:36 2025 +1300

    manpages:samba-tool gpo manage security list
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 73bc0a406ce9cec186bc6b9e539ad8498c07c713
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 13:59:19 2025 +1300

    manpages:samba-tool: separate passwordsettings set/show
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit fbc34719ad80a5423486e6950232eda1c87c8b8e
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 13:54:56 2025 +1300

    manpages:samba-tool: document -V,--version
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit d481da327d56b8a48fec447a6ed6718dc152afb9
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 13:54:27 2025 +1300

    manpages:samba-tool: document -H options
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 7501bcd7b9acc0098b229f7b656d8a463e153887
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 13:51:46 2025 +1300

    manpages:samba-tool --help is not man text
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit a975f5c18050e5e239f54768b29bb51962debb26
Author: Douglas Bagnall <[email protected]>
Date:   Sun Mar 2 13:50:50 2025 +1300

    manpages:samba-tool preamble for common options
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 1f34e45b4364563a880766c0ad27ac724d30f4a1
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:45:30 2025 +1300

    manpages: samba-tool gpo load
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 48b2103a8cf1936aa18c514fa9c25e583ea11863
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:44:45 2025 +1300

    manpages: samba-tool gpo cse register
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit b1be087180bc0fce20faec63ef7de68c02e13eb2
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:44:14 2025 +1300

    manpages: samba-tool cse list
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 1bf60aa2ba2963ca72835bab8b2de3a1e15e4eb9
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:43:12 2025 +1300

    manpages: samba-tool gpo backup
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 2e77a148dddac22c03f7328478b869cd4cfab330
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:42:36 2025 +1300

    manpages: samba-tool gpo admx load
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 0ab86dd7ca75d2e3ac54453c3e90db880054e17d
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:42:08 2025 +1300

    python:getopt: hack to generate docbook stubs from --help
    
    We have many many samba-tool subcommands that are not documented in
    the manpage. Often the --help text is a good place to start, but doing
    it entirely manually is VERY tedious.
    
    This automates some of the process.
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 7ec9973f022910d4d27ecf84acf2909229f85340
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:37:39 2025 +1300

    manpages: samba-tool gpo aclcheck
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 22d5d675a1db45d3084479dfd504d40a9b0eee1d
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:36:48 2025 +1300

    manpages: samba-tool drs uptodateness
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 7183da7583dea19b5076650ccc6563c9b0e60d56
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 17:36:09 2025 +1300

    manpages: samba-tool drs clone-dc-database
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit f778c883aba642ea6ae21a68f56b895aa44c9718
Author: Douglas Bagnall <[email protected]>
Date:   Wed Mar 5 13:07:25 2025 +1300

    manpages:samba-tool domain tombstones expunge
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 5f1894485f413956f2d28fbfec5225909a3a6593
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:35:45 2025 +1300

    manpages: samba-tool domain: consistent sddl example
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 6978e93896bf68ff38d6b9369cd2cb0874024531
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:34:33 2025 +1300

    manpages: samba-tool processes
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 7f01b474b794f3cbe9fdd05fb07aa03c48bedd95
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:34:09 2025 +1300

    manpages: samba-tool domain schemaupgrade
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 612cf9f01aeb5da259acb28985616b9ddce51615
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:33:01 2025 +1300

    manpages: samba-tool kds root-key sub-options
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 60ea60384722018153b6f8ebf3b7b5bf8e7f6f16
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:31:50 2025 +1300

    manpages: samba-tool domain functionalprep
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 4b5d66e28833d03dfdeb10e0311d6d19e74849c6
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:31:00 2025 +1300

    manpages: samba-tool dns zoneoptions
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 786c77ff9e1de2c3abfe06e1f5c7846d2a40dad8
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:30:30 2025 +1300

    manpages: add samba-tool dns cleanup
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

commit 1c01a612680dd2bba92bb6621398b5762eaa5e46
Author: Douglas Bagnall <[email protected]>
Date:   Thu Feb 27 15:30:03 2025 +1300

    manpages: add samba-tool delegation {add,del}-principal
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Rowland Penny <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/samba-tool.8.xml    | 1494 +++++++++++++++++++++++++++++----
 python/samba/getopt.py                |   52 ++
 python/samba/tests/__init__.py        |    4 +-
 python/samba/tests/samba_tool/help.py |   34 +-
 4 files changed, 1438 insertions(+), 146 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/samba-tool.8.xml 
b/docs-xml/manpages/samba-tool.8.xml
index 3bd7b75a73e..28bd8c00124 100644
--- a/docs-xml/manpages/samba-tool.8.xml
+++ b/docs-xml/manpages/samba-tool.8.xml
@@ -36,13 +36,17 @@
 
 <refsect1>
        <title>OPTIONS</title>
-
+       <para>
+         Samba-tool consists of many sub-commands, each of which have
+         their own set of options. The options listed in this section
+         are common across several sub-commands.
+       </para>
        <variablelist>
 
        <varlistentry>
        <term>-h|--help</term>
        <listitem><para>
-       Show this help message and exit
+       Show a help message and exit.
        </para></listitem>
        </varlistentry>
 
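Review bot: In the new OPTIONS preamble, "each of which have their own set of options" has a number mismatch; "each of which has its own set of options" reads correctly. The paragraph also says these options are "common across several sub-commands", so it would help to state that an option listed here is not necessarily accepted by every sub-command.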
@@ -64,12 +68,79 @@
 
        &cmdline.common.credentials.authenticationfile;
 
+       <varlistentry>
+         <term>-H URL, --URL=URL</term>
+         <listitem>
+           <para>LDB URL for database or target server.</para>
+           <para>The URL can either be a plain file path, or use one
+           of the schemes listed here. If a plain path is used, it is
+           treated as if 'tdb://' was used.
+           <variablelist>
+             <varlistentry>
+               <term>tdb://PATH</term>
+               <listitem>
+                 <para>
+                   PATH is the location of a TDB database.
+                 </para>
+               </listitem>
+             </varlistentry>
+             <varlistentry>
+               <term>mdb://PATH</term>
+               <listitem>
+                 <para>
+                   PATH is the location of an LMDB database.
+                 </para>
+               </listitem>
+             </varlistentry>
+             <varlistentry>
+               <term>ldb://PATH</term>
+               <listitem>
+                 <para>
+                   PATH is the location of an LDB database, in either
+                   LMDB or TDB format. The formats will be tried one
+                   after another until one succeeds or all fail. It
+                   is safe to use this if you don't know the format
+                   of the file.
+                 </para>
+               </listitem>
+             </varlistentry>
+             <varlistentry>
+               <term>ldap://HOSTNAME, ldaps://HOSTNAME</term>
+               <listitem>
+                 <para>
+                   The LDB backend is the named ldap server. ldaps:// wraps 
the connection in TLS.
+                 </para>
+               </listitem>
+             </varlistentry>
+             <varlistentry>
+               <term>ldapi://SOCKET</term>
+               <listitem>
+                 <para>
+                   The backend server is a local ldap server using a unix 
domain socket.
+                 </para>
+               </listitem>
+             </varlistentry>
+
+           </variablelist>
+           </para>
+         </listitem>
+       </varlistentry>
+       <varlistentry>
+         <term>--color=always|never|auto</term>
+         <listitem><para>use colour if available (default: 
auto)</para></listitem>
+       </varlistentry>
+
+
        <varlistentry>
        <term>--ipaddress=IPADDRESS</term>
        <listitem><para>
        IP address of the server
        </para></listitem>
        </varlistentry>
+       <varlistentry>
+         <term>-s FILE, --configfile=FILE</term>
+         <listitem><para>Use this smb.conf configuration 
file.</para></listitem>
+       </varlistentry>
 
        <varlistentry>
        <term>--color=always|never|auto</term>
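Review bot: The added `--color=always|never|auto` entry duplicates the `--color=always|never|auto` entry still present as context directly below the new `-s FILE, --configfile=FILE` entry, so the OPTIONS list will show --color twice; drop one of them. In the -H text, a plain path is "treated as if 'tdb://' was used" while ldb:// probes both formats; say explicitly whether a plain path pointing at an LMDB file fails or is also probed, since administrators will mostly pass plain paths.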
@@ -94,6 +165,13 @@
         </listitem>
        </varlistentry>
 
+       <varlistentry>
+         <term>-V, --version</term>
+         <listitem><para>Display the version number and exit.</para></listitem>
+
+
+       </varlistentry>
+
        &cmdline.common.debug.client;
 
        </variablelist>
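Review bot: The new `-V, --version` entry leaves two empty lines between the `<listitem>` and the closing `</varlistentry>`; remove them so the entry matches the layout of the other added entries.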
@@ -488,6 +566,18 @@
        <para>Manage Delegations.</para>
 </refsect2>
 
+<refsect3>
+       <title>delegation add-principal <replaceable>accountname</replaceable> 
<replaceable>principal</replaceable> [options]</title>
+       <para>Add a principal to msDS-AllowedToActOnBehalfOfOtherIdentity that 
may delegate to an account.
+       </para>
+</refsect3>
+
+<refsect3>
+       <title>delegation del-principal <replaceable>accountname</replaceable> 
<replaceable>principal</replaceable> [options]</title>
+       <para>Delete a principal from msDS-AllowedToActOnBehalfOfOtherIdentity 
so that it may no longer delegate to an account.
+       </para>
+</refsect3>
+
 <refsect3>
        <title>delegation add-service <replaceable>accountname</replaceable> 
<replaceable>principal</replaceable> [options]</title>
        <para>Add a service principal as msDS-AllowedToDelegateTo.</para>
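Review bot: The add-principal and del-principal descriptions do not say which argument is the account whose msDS-AllowedToActOnBehalfOfOtherIdentity is modified and which is the principal being granted or revoked; "that may delegate to an account" leaves the direction to the reader. Since the neighbouring add-service entry documents msDS-AllowedToDelegateTo, a sentence distinguishing the two attributes and naming the role of `accountname` and `principal` would help administrators avoid granting delegation in the wrong direction.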
@@ -524,6 +614,17 @@
        <para>Add a DNS record.</para>
 </refsect3>
 
+
+<refsect3>
+       <title>dns cleanup <replaceable>server</replaceable> 
<replaceable>name</replaceable> </title>
+       <para>Clean up DNS records for a host, so that DNS queries no
+       longer return results. Usually this works by marking the
+       records as deleted in the database.</para>
+       <para>
+         Example: <constant>samba-tool dns cleanup dc1 
computer.samdom.test.site</constant>
+       </para>
+</refsect3>
+
 <refsect3>
        <title>dns delete <replaceable>server</replaceable> 
<replaceable>zone</replaceable> <replaceable>name</replaceable> 
<replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> 
<replaceable>data</replaceable></title>
        <para>Delete a DNS record.</para>
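Review bot: The dns cleanup description says the command "usually" works by marking records as deleted but does not say what happens otherwise, nor which records for the host are affected (record types, zones). For a command that removes name resolution for a host, state the scope and whether the change can be previewed or undone. The title also has a stray space before `</title>`.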
@@ -569,6 +670,70 @@
        <para>List zones.</para>
 </refsect3>
 
+<refsect3>
+       <title>dns zoneoptions <replaceable>server</replaceable> 
<replaceable>zone</replaceable> [options]</title>
+       <para>Manipulate aging options. This is useful in zones using dynamic 
DNS.</para>
+       <para>There are options to change records from static to
+       dynamic based on regular expressions or age, which is useful
+       in some cases where the values got mixed up in old versions of
+       Samba.</para>
+       <variablelist>
+               <varlistentry>
+                       <term>-n, --dry-run</term>
+                       <listitem><para> Do not actually change
+                       anything, but show what would happen.</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>--client-version=w2k|dotnet|longhorn</term>
+                       <listitem><para> Windows client protocol
+                       version. The default is
+                       <constant>longhorn</constant>, which is
+                       probably what you want.</para>
+                       </listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>--mark-old-records-static=YYYY-MM-DD</term>
+                       <listitem><para> Mark records older than the
+                       specified date as static.</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>--mark-records-static-regex=REGEXP</term>
+                       <listitem><para> Mark records that match the
+                       given perl-compatible regular expression as
+                       static.</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>--mark-records-dynamic-regex=REGEXP</term>
+                       <listitem><para> Mark records that match the
+                       given perl-compatible regular expression as
+                       dynamic.</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>--aging=0|1</term>
+                       <listitem>
+                         <para>--aging=1 to enable aging for this zone.</para>
+                       <para>--aging=0 to disable aging for this 
zone.</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>--norefreshinterval=HOURS</term>
+                       <listitem><para>avoid further refreshes for
+                       this long after a dynamic update. Set to zero
+                       to use the default.</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                 <term>--refreshinterval=HOURS</term>
+                 <listitem><para>Dynamic refresh interval in hours (0: use 
default)</para></listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term></term>
+                       <listitem><para></para></listitem>
+               </varlistentry>
+       </variablelist>
+
+
+
+</refsect3>
+
 <refsect2>
        <title>domain</title>
        <para>Manage Domain.</para>
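Review bot: The zoneoptions list ends with a `<varlistentry>` whose `<term>` and `<para>` are both empty, which looks like a leftover stub and will render as a blank option; remove it. The descriptions for --norefreshinterval ("avoid further refreshes ...") and --refreshinterval (lower-case note in parentheses, no final full stop) also differ in capitalisation and punctuation from the other entries in the list.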
@@ -757,7 +922,7 @@
                                        keywords.
                                </para>
                                <para>
-                                       Example: 
O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AU)}))
+                                       Example: 
<constant>O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AU)}))</constant>
                                </para>
                        </listitem>
                </varlistentry>
@@ -864,7 +1029,7 @@
                                        bare (user) and Device conditions.
                                </para>
                                <para>
-                                       SDDL Example: 
O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AO)}))
+                                       SDDL Example: 
<constant>O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AO)}))</constant>
                                </para>
                        </listitem>
                </varlistentry>
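Review bot: This example uses `SID(AO)` while the otherwise identical example in the previous hunk uses `SID(AU)`; only the `<constant>` markup is made consistent. If the different SIDs are intentional, keep them, otherwise align the two examples here.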
@@ -1695,52 +1860,35 @@
        </variablelist>
 </refsect3>
 
-<refsect2>
-       <title>service-account</title>
-       <para>Service account management.</para>
-</refsect2>
+<refsect3>
+       <title>domain classicupgrade [options] 
<replaceable>classic_smb_conf</replaceable></title>
+       <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC
+       database.</para>
+</refsect3>
 
 <refsect3>
-       <title>service-account list</title>
-       <para>List service accounts on the domain.</para>
-       <variablelist>
-               <varlistentry>
-                       <term>-H, --URL</term>
-                       <listitem><para>
-                               LDB URL for database or target server.
-                       </para></listitem>
-               </varlistentry>
-               <varlistentry>
-                       <term>--json</term>
-                       <listitem><para>
-                               View service accounts as JSON instead of a list.
-                       </para></listitem>
-               </varlistentry>
-       </variablelist>
+       <title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] 
[options]</title>
+       <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
 </refsect3>
 
 <refsect3>
-       <title>service-account view</title>
-       <para>View a single service account on the domain.</para>
-       <variablelist>
-               <varlistentry>
-                       <term>-H, --URL</term>
-                       <listitem><para>
-                               LDB URL for database or target server.
-                       </para></listitem>
-               </varlistentry>
-               <varlistentry>
-                       <term>--name</term>
-                       <listitem><para>
-                               Account name of service account to view 
(required).
-                       </para></listitem>
-               </varlistentry>
-       </variablelist>
+       <title>domain demote</title>
+       <para>Demote ourselves from the role of domain controller.</para>
 </refsect3>
 
 <refsect3>
-       <title>service-account create</title>
-       <para>Create a new service account on the domain.</para>
+       <title>domain exportkeytab <replaceable>keytab</replaceable> 
[options]</title>
+       <para>Dumps Kerberos keys of the domain into a keytab.</para>
+</refsect3>
+
+<refsect3>
+       <title>domain functionalprep [options]</title>
+       <para>Prepare a domain for functional level upgrade. If 
<constant>--functional-level</constant> is not used, the latest supported 
version is used (currently 2016).</para>
+       <para>
+         There are two aspects to this preparation, relating to the forest and 
the domain. By default both are run.
+         If either of <constant>--forest-prep</constant> or 
<constant>--domain-prep</constant> are used, only the corresponding preparation 
is made.
+         If both arguments are used together, all preparation is done, just as 
when neither is used.
+       </para>
        <variablelist>
                <varlistentry>
                        <term>-H, --URL</term>
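Review bot: The exportkeytab entry is a single line, "Dumps Kerberos keys of the domain into a keytab.", for a command whose output file holds secret key material; add a sentence saying the keytab should be stored with restricted permissions, and use the imperative "Dump" to match the neighbouring entries. In the functionalprep text, "If either of --forest-prep or --domain-prep are used" should be "is used", and "(currently 2016)" is stated both in the description and in the --functional-level default, so it has to be updated in two places when the supported level changes.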
@@ -1749,35 +1897,62 @@
                        </para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--name</term>
+                       <term>--functional-level 
[2008_R2|2012|2012_R2|2016]</term>
                        <listitem><para>
-                               Account name of service account (required).
+                         The functional level to prepare for. The default is 
2016.
                        </para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--dns-host-name</term>
+                       <term>--forest-prep</term>
                        <listitem><para>
-                               DNS hostname of this service account (required).
+                               Run forest preparation only (unless 
--domain-prep is also used).
                        </para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--group-msa-membership</term>
+                       <term>--domain-prep</term>
                        <listitem><para>
-                               Optional Group MSA Membership SDDL.
+                               Run domain preparation only (unless 
--forest-prep is also used).
                        </para></listitem>
                </varlistentry>
+               <?ignore
+                 <!-- these are ignored by the tool, so let's not document 
them. -->
                <varlistentry>
-                       <term>--managed-password-interval</term>
+                       <term>-q, --quiet</term>
                        <listitem><para>
-                               Managed password refresh interval in days.
+                               Be quieter.
                        </para></listitem>
                </varlistentry>
+               <varlistentry>
+                       <term>-v, --verbose</term>
+                       <listitem><para>
+                               Be more verbose.
+                       </para></listitem>
+                       </varlistentry>
+               ?>
        </variablelist>
+
+
 </refsect3>
 
 <refsect3>
-       <title>service-account modify</title>
-       <para>Modify an existing service account on the domain.</para>
+       <title>domain info <replaceable>ip_address</replaceable> 
[options]</title>
+       <para>Print basic info about a domain and the specified DC.
+</para>
+</refsect3>
+
+<refsect3>
+       <title>domain join <replaceable>dnsdomain</replaceable> 
[DC|RODC|MEMBER|SUBDOMAIN] [options]</title>
+       <para>Join a domain as either member or backup domain controller.</para>
+</refsect3>
+
+<refsect3>
+       <title>domain kds root-key</title>
+       <para>Manage Key Distribution Service root keys.</para>
+</refsect3>
+
+<refsect3>
+       <title>domain kds root-key create [options]</title>
+       <para>Create KDS root keys</para>
        <variablelist>
                <varlistentry>
                        <term>-H, --URL</term>
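Review bot: The -q/--quiet and -v/--verbose entries are added inside a `<?ignore ... ?>` processing instruction with an XML comment nested in it; if the options are ignored by the tool and are not to be documented, leaving them out of the man page source is simpler than carrying hidden markup (the closing `</varlistentry>` of the second entry is also mis-indented). Separately, the domain join title lists `[DC|RODC|MEMBER|SUBDOMAIN]` but the description only mentions "member or backup domain controller", and "Create KDS root keys" lacks a final full stop.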
@@ -1786,29 +1961,31 @@
                        </para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--name</term>
-                       <listitem><para>
-                               Account name of service account (required).
-                       </para></listitem>
-               </varlistentry>
-               <varlistentry>
-                       <term>--dns-host-name</term>
-                       <listitem><para>
-                               Update DNS hostname of this service account.
-                       </para></listitem>
+                       <term>--use-start-time=["now"|iso8601 or LDIF time 
string]</term>
+                       <listitem><para> The key will be valid from
+                       this time. </para>
+                       <para> Valid time format are
+                       the string "now", the LDIF format
+                       <constant>YYYYmmddHHMMSS.0Z</constant>, or the
+                       ISO format 
<constant>YYYY-mm-dd[*HH[:MM[:SS[.fff[fff]]]][+HH:MM[:SS[.ffffff]]]]</constant>
+                       where the '*' can be any character, and the optional 
last
+                       '[+HH:MM[:SS[.ffffff]]]' is a timezone offset (e.g. 
'+00:00' for
+                       UTC).
+                     </para>
+                       </listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--group-msa-membership</term>
+                       <term>--json</term>
                        <listitem><para>
-                               Update Group MSA Membership SDDL.
+                               Output results in JSON format.
                        </para></listitem>
                </varlistentry>
        </variablelist>
 </refsect3>
 
 <refsect3>
-       <title>service-account delete</title>
-       <para>Delete a service accounts on the domain.</para>
+       <title>domain kds root-key delete --name={GUID}</title>
+       <para>Delete the named KDS root key. Use <constant>samba-tool domain 
kds root-key list</constant> to find the name of the key.</para>
        <variablelist>
                <varlistentry>
                        <term>-H, --URL</term>
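Review bot: In the --use-start-time description, "Valid time format are" should be "Valid time formats are". The sentence also runs three formats and two bracketed grammars together; a short list with one accepted form per item, each with a concrete sample value, would be easier to follow when choosing the time from which a root key is valid.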
@@ -1817,22 +1994,29 @@
                        </para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--name</term>
+                       <term>--name=NAME</term>
+                       <listitem><para> The name of the key to delete. It will 
be a GUID.
+                     </para>
+                       </listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>-v, --verbose</term>
                        <listitem><para>
-                               Account name of service account to delete.
+                               Print all attributes (except secret ones, 
unless --show secrets is used).
+                       </para></listitem>
+                       </varlistentry>
+               <varlistentry>
+                       <term>--json</term>
+                       <listitem><para>
+                               Output results in JSON format.
                        </para></listitem>
                </varlistentry>
        </variablelist>
 </refsect3>
 
-<refsect2>
-       <title>service-account group-msa-membership</title>
-       <para>Service account Group MSA Membership management.</para>
-</refsect2>
-
 <refsect3>
-       <title>service-account group-msa-membership show</title>
-       <para>Display Group MSA Membership for a service account.</para>
+       <title>domain kds root-key list [options]</title>
+       <para>List KDS root keys. The newest keys are listed first.</para>
        <variablelist>
                <varlistentry>
                        <term>-H, --URL</term>
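Review bot: The -v, --verbose text under root-key delete refers to "--show secrets", which should be spelled `--show-secrets`, and no such option is documented for delete. The -v and --json descriptions ("Print all attributes ...", "Output results in JSON format.") read as copied from a listing command, so check that delete accepts them and describe what they do there. The option term `--name=NAME` also differs from the `--name={GUID}` used in the section title.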
@@ -1841,23 +2025,37 @@
                        </para></listitem>
                </varlistentry>
                <varlistentry>
-                       <term>--name</term>
+                       <term>--show-secrets</term>
+                       <listitem><para> Print secret or potentially
+                       sensitive attributes, namely msKds-RootKeyData
+                       and msKds-SecretAgreementParam.
+                     </para>
+                       </listitem>
+               </varlistentry>
+               <varlistentry>
+                       <term>-v, --verbose</term>
                        <listitem><para>
-                               Account name of service account (required).
+                               Print more attributes (but not secret ones, 
unless --show secrets is also used).
                        </para></listitem>
-               </varlistentry>
+                       </varlistentry>
                <varlistentry>
                        <term>--json</term>
                        <listitem><para>
-                               Return as JSON instead of a list.
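Review bot: The -v, --verbose text again says "--show secrets" where the option documented just above is `--show-secrets`; use the exact spelling so it can be searched and copied. Since --show-secrets prints msKds-RootKeyData and msKds-SecretAgreementParam, the entry could also say that the output then contains key material and should be handled accordingly.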


-- 
Samba Shared Repository
