net

The net command, new to Samba 3.0, is a program with a syntax similar to the MS-DOS/Windows command of the same name . It is used for performing various administrative functions related to Windows networking, which can be executed either locally or on a remote system.

Command synopsis

 net   [method] function [misc_options] [target_options]   

The function argument is made up of one or more space-separated words. In Windows terminology, it is sometimes referred to as a function with options. Here we list every function in its complete form, including multiple words.

By default, the action is performed on the local system. The target_options argument can be used to specify a remote system (either by hostname or IP address), a domain, or a workgroup.

Depending on the function, the method argument can be optional, required, or disallowed . It specifies one of three methods for performing the operation specified by the rest of the command. It can be ads (Active Directory), rpc (Microsoft's DCE/RPC), or rap (Microsoft's original SMB remote procedure call). To determine which methods (if any) can be used with a function, the net help ads , net help rap , and net help rpc commands can be used to list the functions for each method.

Miscellaneous options

-d level

--debug=l evel

Sets the debug (sometimes called logging) level. The level can range from 0 to 10.

-l

--long

S pecifies the long listing mode. This is provided for functions that print informational listings.

-n name

-- myname = name

Specifies the NetBIOS name for the client.

-p port

--port = port

Specifies the port number to use.

-s filename

--conf = filename

Specifies the name of the Samba configuration file, overriding the compiled-in default.

-U username[ % password]

-- user = username[ % password]

Specifies the username and, optionally , the password to use for functions that require authentication.

-W name

--myworkgroup = name

Specifies the name of the client's workgroup, overriding the definition of the workgroup parameter in the Samba configuration file.

Target options

-S hostname

Specifies the remote system using a hostname or NetBIOS name.

-I ip_address

Specifies the remote system using its IP address.

-w workgroup

Specifies the name of the target domain or workgroup.

Functions

abortshutdown

See the rpc abortshutdown function.

ads info

Prints information about the Active Directory server. The method ( ads ) must be specified to differentiate this function from the rpc info function.

ads join OU

Joins the local system to the Active Directory realm (organizational unit) specified by OU. The method ( ads ) must be specified to differentiate this function from the rpc join function.

ads leave

Removes the local system from the Active Directory realm.

ads password username @ REALM -U admin_username @ REALM %admin_ password

Changes the Active Directory password for the user specified by username @ REALM . The administrative account authentication information is specified with the -U option. The Active Directory realm must be supplied in all uppercase.

ads printer info [printer] [server]

Prints information on the specified printer on the specified server. The printer argument defaults to an asterisk ( * ), meaning all printers, and the server argument defaults to localhost .

ads printer publish printer_name

Publishes the specified printer in Active Directory.

ads printer remove printer_name

Removes the specified printer from Active Directory.

ads search expr attrib

Performs a raw Active Directory search, using the standard LDAP search expression and attributes specified by the expr and attrib arguments, respectively.

ads status

Prints details about the Active Directory computer account of the system.

change localhost pass

Changes the Active Directory password for the local system's computer trust account.

domain

Lists the domains or workgroups on the network.

file

Lists open files on the server.

file close file_id

Closes the specified file.

file info file_id

Prints information about the specified file, which must be open.

file user username

Lists all files opened on the server by the user specified by username .

group add group_name

Adds the specified group. This function accepts the miscellaneous option -C comment (which can also be specified as - -comment= string ) to set the descriptive comment for the group.

group delete group_name

Deletes the specified group.

groupmember add group_name username

Adds the user specified by username to the group specified by group_name .

groupmember delete group_name username

Deletes the user specified by username from the group specified by group_name .

groupmember list group_name

Lists the users who are members of the specified group.

help

Prints a help message for the net command.

help method

Prints a help message for method , which can be ads , rap , or rpc . This lists the functions that can use the method, along with a brief description.

help function

Prints a help message for the specified function, which can be more than one word.

info

Must be preceded by a method. See the ads info and rpc info functions.

join

Joins the computer to a Windows NT domain or Active Directory realm. If the method argument is not specified, a check is made to determine if Active Directory is in use, and if so, ads join is performed. Otherwise, rpc join is run. See also the ads join and rpc join functions.

leave

Must be preceded by a method. See the ads leave function.

lookup dc [domain]

Prints the IP address of the specified domain's domain controllers. The domain defaults to the value of the workgroup parameter in the Samba configuration file.

lookup host hostname [type]

Prints the IP address of the specified host.

lookup kdc [realm]

Prints the IP address of the specified realm's Kerberos domain controller. If realm is not specified, it defaults to the value of the realm parameter in the Samba configuration file.

lookup ldap [domain]

Prints the IP address of the specified domain's LDAP server. If domain is not specified, it defaults to the value of the workgroup parameter in the Samba configuration file.

lookup master [domain]

Prints the IP address of the master browser of the specified domain or workgroup. If domain is not specified, it defaults to the value of the workgroup parameter in the Samba configuration file.

password username old_password new_password

Changes the password for the user specified by the username argument. The user's old and new passwords are provided in plain text as part of the command. Be careful regarding security issues. See also the ads password function.

printer info

See the ads printer info function.

printer publish

See the ads printer publish function.

printer remove

See the ads printer remove function.

printq

Prints information (including the job IDs) about printer queues on the server.

printq delete queue_name

Deletes the specified printer queue. The -j job_id (which can also be specified as --jobid = job_id ) option may be used to specify the job ID of the queue.

rpc abortshutdown

Aborts the shutdown of a remote server.

rpc info

Prints information about the server's domain. The method ( rpc ) must be specified to differentiate this function from the ads info function.

rpc join

Joins a computer to a Windows NT domain. If the -U username % password option is included, the specified username and password will be used as the administrative account required for authenticating with the PDC. If the -U option is not included, this function can be used only to join the computer to the domain after the computer account has been created using the Server Manager. The method ( rpc ) must be specified to differentiate this function from the ads join function.

rpc shutdown

Shuts down a server. This function accepts the -r , -f , -t , and -c miscellaneous options. The -r option (which can also be specified as --reboot ) requests that the system reboot after shutting down. The -f option (which can also be specified as --force ) forces a shutdown. The -t timeout option (which can also be specified as - -timeout= number ) specifies the number of seconds to wait before shutting down, and the -c comment option (which can also be specified as - -comment= string ) can be used to specify a message to the client user. On Windows, the comment appears in the Message area in the System Shutdown dialog box.

rpc trustdom add domain_name

Adds an account for the trust relationship with the specified Windows NT domain.

rpc trustdom establish domain_name

Establishes a trust relationship with the specified Windows NT domain.

rpc trustdom revoke domain_name

Revokes the trust relationship with the specified Windows NT domain.

search

See the ads search function.

server

Lists servers in the domain or workgroup, which defaults to the value of the workgroup parameter in the Samba configuration file.

session

Lists clients with open sessions to the server.

session delete NetBIOS_ name

Closes the session to the server from the specified client. A synonym is session close .

session close

A synonym for session delete .

share

Lists the shares offered by the server. When a Windows 95/98/Me server is the target system, it might be necessary to specify the method as rap for this to work properly.

share add share_name = server_path

Adds a share on the target server. The name of the share and the folder to be shared are specified by the share_name = server_path argument, with server_path the Windows directory name, with spaces and other special characters (if any) quoted and with the backslashes escaped (e.g., " data=C:\\Documents and Settings\\jay\\Desktop\\data "). The -C comment option (which can also be specified as - -comment= string ) can be used to define a description for the share. The -M number option (which can also be specified as --maxusers= number ) can be used to set the maximum number of users that can connect to the share. The method ( rap or rpc ) might need to be specified for this function to work. The regular folder icon cannot change into a "shared folder" icon in Windows Explorer until the display is refreshed.

share delete share_name

Deletes a share from the target server. The share_name argument is simply the name of the share on the target server, not a UNC. The method ( rap or rpc ) might need to be specified for this function to work. The "shared folder" icon in Windows Explorer cannot change back to the regular folder icon until the display is refreshed.

shutdown

See the rpc shutdown function.

status

See the ads status function.

time

Displays the system timein Unix date command formaton the target system.

time set

Sets the local system's hardware clock using the time obtained from the operating system.

time system

Sets the time on the local system using the time obtained from the remote system.

time zone

Prints the time zone (in hours from GMT) in use on the system.

trustdom add

See the rpc trustdom add function.

trustdom establish

See the rpc trustdom establish function.

trustdom revoke

See the rpc trustdom revoke function.

user

Lists user accounts. The method can be specified as ads , rap , or rpc .

user add username [password]

Adds a user account for the user specified by username . The -c comment option (which can also be specified as - -comment= string ) can be used to set a comment for the account. The -F user_flags option can be used to set flags (specified in numeric format) for the account. The method can be specified as ads , rap , or rpc .

user delete username

Deletes the specified user's account. The method can be specified as ads , rap , or rpc .

user info username

Lists the domain groups to which the specified user belongs. The method can be specified as ads , rap , or rpc .