'\" t
.\" @(#)passwd2sam.1m 1.1 11/11/98 SMI
.\" Copyright (c) 1999, Sun Microsystems, Inc.
.\" All Rights Reserved
.TH passwd2sam 1 "30 Oct 1998"
.SH NAME
passwd2sam - add or delete Solaris user accounts in SunLink Server
.SH SYNOPSIS
passwd2sam -l logon -p password [-h] [-i file] [-m connect] [-n local_path] [-o file] [-s logon_script] [-u user_profile] [-y password]
.PP
passwd2sam -l logon -p password -r file [-h]
.PP
passwd2sam -l logon -p password -f [-h]
.SH DESCRIPTION
The passwd2sam import utility enumerates user accounts stored in a Solaris name service (FILES, NIS, NIS+) and imports them into the SunLink Server Security Accounts Manager (SAM) database.
.PP
All input files to passwd2sam must be formatted as /etc/passwd entries.
See the passwd(4) man page for details.
.PP
passwd2sam bridges Solaris name services and Windows NT Domain services.
The bridge can only be established if you log on to the Windows NT Domain as Administrator and run passwd2sam as superuser.
SunLink Server software must be up and running for passwd2sam to execute.
.PP
passwd2sam supports three modes of operation:
.PP
1. Add Solaris user accounts into the SunLink Server Security Accounts Manager database (default).
.PP
2. Delete Solaris user accounts from the SunLink Server Security Accounts Manager database (see the -r option).
.PP
3. Find and disable Windows NT Domain user accounts added by passwd2sam that have subsequently been deleted from a Solaris name service (see the -f option).
.PP
Mode 1, adding Solaris user accounts into the SunLink Server Security Accounts Manager database, can be performed using two methods.
The default method is to enumerate non-privileged user accounts in the running Solaris name service (FILES, NIS, NIS+), and to add each user account into the SunLink Server Security Accounts Manager database.
.PP
Another, more selective, method of adding Solaris user accounts to the SunLink Server Security Accounts Manager database is to use an input file formatted in the same way as /etc/passwd (see passwd(4)).
.PP
Options for the passwd2sam utility support the User Properties of Windows NT Server's User Manager for Domains administration interface.
.PP
Mode 2, deleting Solaris user accounts from the SunLink Server Security Accounts Manager database, involves creating an input file of user accounts formatted in the same way as /etc/passwd (see passwd(4)), and passing this input file to passwd2sam using the -r option.
.PP
Mode 3 is used to find and disable Windows NT Domain user accounts that were added by the passwd2sam import utility, and later deleted from the Solaris name service.
Using the passwd2sam import utility in this mode produces an output file called /var/opt/lanman/dirsync/passwd2sam.disabled.
This output file can be used as an input file to passwd2sam's delete operation (mode 2).
This mode disables SunLink Server user accounts but does not delete them.
.PP
By default, passwd2sam produces randomly generated eight-character alphanumeric passwords for each user account and writes them to the transaction log /var/opt/lanman/dirsync/passwd2sam.log.
The -y password option overrides the default behavior, allowing an administrator to assign a specific password to all user accounts, or no password at all.
.PP
All transactions, errors, and datafiles (except user-specified output files) are written to /var/opt/lanman/dirsync and prefixed with passwd2sam.
.SH OPTIONS
The passwd2sam import utility supports the following options:
.SS -f
Runs passwd2sam in mode 3, finding and disabling SunLink Server user accounts that were added by passwd2sam, but subsequently deleted from the Solaris name service.
.PP
Using this option disables SunLink Server user accounts but does not delete them.
This option produces an output file called /var/opt/lanman/dirsync/passwd2sam.disabled, which is formatted the same way as /etc/passwd (see passwd(4)).
The output file contains a list of disabled SunLink Server user accounts to delete.
You cannot use this option in conjunction with the -m, -n, -o, -r, -s, -u, -y options.
.SS -h
Displays a passwd2sam usage message.
.SS -i file
Runs passwd2sam in mode 1, adding user accounts specified by an input file to the SunLink Server Security Accounts Manager database.
Using this option overrides the default behavior of enumerating all user accounts from the running Solaris name service and adding each user account to the SunLink Server Security Accounts Manager database.
You cannot use this option with the -r option.
.SS -l logon
Specifies a SunLink Server Administrator logon, and is required for all operations.
.SS -m connect
Creates a global SunLink Server home directory for each user account passwd2sam adds.
.PP
The connect argument is a global home directory path, which is a Universal Naming Convention (UNC) path prefixed by a drive letter and colon.
The drive letter and colon must be specified (for instance, H:).
The UNC path can be a local or remote LAN Manager path to an existing network shared directory.
.PP
Each user's logon name is automatically appended to the end of the Home Directory Connect path if not specified.
Alternatively, using the %USERNAME% wildcard appends each user's logon name to the end of the UNC path.
This option applies to all accounts in the add operation.
You cannot use this option in conjunction with the -n option.
.PP
NOTE: When specifying UNC paths, you must substitute two backslashes for each backslash, to support Solaris command line shells (for instance, -m H:\\\\\\\\SERVER\\\\USERS\\\\%USERNAME%).
.SS -n local_path
Specifies a user's local home directory on the Windows workstation where the user logs on.
This local directory path must be prefixed by a drive letter and colon (for instance, -n C:\\\\USERS\\\\%USERNAME%).
.PP
Each user's logon name is automatically appended to the end of the local directory if not specified.
Alternatively, using the %USERNAME% wildcard appends each user's logon name to the end of the local directory path.
This option applies to all accounts in the add operation.
You cannot use this option in conjunction with the -m option.
.SS -o file
Produces a user-specified output file that is formatted the same as /etc/passwd.
This file contains a list of all Solaris user accounts added into the SunLink Server Security Accounts Manager database.
This file can be used later to remove Solaris accounts from the SunLink Server Security Accounts Manager database.
You cannot use this option in conjunction with the -f or -r options.
.SS -p password
Specifies a SunLink Server Administrator password, and is required for all operations.
.SS -r file
Runs the passwd2sam utility in mode 2, enumerating an input file and removing each user account specified from the SunLink Server Security Accounts Manager database.
This option deletes user accounts but does not delete users' home directories or files.
You cannot use this option in conjunction with the -f or -i options.
.SS -s logon_script
Sets up a network logon script that runs each time a user successfully logs on to SunLink Server software.
.PP
The logon_script argument is an absolute Universal Naming Convention (UNC) path that points to a network logon script.
The UNC path can be a local or remote LAN Manager path (for instance, -s \\\\\\\\SERVER\\\\NETLOGON\\\\NETLOGON.CMD).
This option applies to all accounts added by the passwd2sam import utility.
You cannot use this option in conjunction with the -f or -r options.
.SS -u user_profile
Specifies the User Profile Path, which is a Universal Naming Convention (UNC) path that points to a roaming or mandatory user profile.
The UNC path can be a local or remote LAN Manager path.
.PP
Each user's logon name is automatically appended to the end of the User path if not specified.
Alternatively, use the %USERNAME% wildcard to append each user's logon name to the end of the UNC path (for instance, -u \\\\\\\\SERVER\\\\PROFILES\\\\%USERNAME%).
This option applies to all accounts added by the passwd2sam import utility, and cannot be used in conjunction with the -f or -r options.
.SS -y password
Overrides the default randomly generated eight-character alphanumeric password and assigns a specified password to all SunLink Server accounts added by the passwd2sam import utility.
Specifying NULL (for instance, -y NULL) assigns no password to user accounts.
Specifying a password assigns the specified password to all user accounts added by passwd2sam.
.PP
All user account passwords are written to the passwd2sam transaction log /var/opt/lanman/dirsync/passwd2sam.log.
These passwords are readable only by the superuser.
.PP
SunLink Server users will be prompted to change their password on the first successful SunLink Server logon.
This option applies to all accounts added by the passwd2sam import utility.
You cannot use this option in conjunction with the -f or -r options.
.SH EXAMPLES
The examples below illustrate passwd2sam's three modes of operation.
.PP
1. passwd2sam -l Administrator -p password -m H:\\\\\\\\SERVER\\\\USERS\\\\%USERNAME% -s \\\\\\\\SERVER\\\\NETLOGON\\\\NETLOGON.CMD
.PP
This example adds all Solaris user accounts found in the running Solaris name service (for instance, FILES, NIS, NISPLUS) into the SunLink Server Security Accounts Manager database.
The -m invocation parameter creates a global home directory for each user at the specified UNC path.
User account passwords are eight randomly generated characters.
In addition, each SunLink Server user account will execute the network logon script specified by the -s invocation parameter upon successful logon.
.PP
2.
passwd2sam -l Administrator -p password -r passwd2sam.disabled
.PP
This example deletes all SunLink Server user accounts specified in the input file passwd2sam.disabled.
This input file must be formatted in the same way as /etc/passwd.
See passwd(4) for details.
.PP
3. passwd2sam -l Administrator -p password -f
.PP
This example disables SunLink Server user accounts that cannot be found in the running Solaris name service.
This example also produces an output file /var/opt/lanman/dirsync/passwd2sam.disabled, which contains a list of the disabled SunLink Server user accounts.
Directories and files owned by a disabled SunLink Server account are not deleted.
.SH FILES
.PD 1
.TP 45
.B /var/opt/lanman/dirsync/passwd2sam.log
passwd2sam transaction log.
.PP
.PD 1
.TP 45
.B /var/opt/lanman/dirsync/passwd2sam.errors
passwd2sam error log.
.PP
.PD 1
.TP 45
.B /var/opt/lanman/dirsync/passwd2sam.disabled
List of disabled SunLink Server user accounts.
.PD
.SH SEE ALSO
passwd(4) mapuname(1) sam2passwd(1) nisaddent(1M) ypcat(1) nsswitch.conf(4)
.SH NOTES
When using passwd2sam arguments containing backslashes, you must substitute two backslashes for each backslash, to support Solaris command line shells.
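
Added example (not part of the original man page or of SunLink Server): a pre-flight check for the passwd(4)-formatted files that the -i and -r options consume, plus a permission check on the transaction log that holds the account passwords. The MIN_UID threshold, the function names and the file names in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a passwd(4)-formatted file before giving it to
# passwd2sam -i (add) or -r (delete). Not part of SunLink Server.
# MIN_UID is an assumed site policy for "non-privileged" accounts.
# On Solaris, replace awk with nawk or /usr/xpg4/bin/awk.
MIN_UID=${MIN_UID:-100}

# vet_passwd_file FILE
# Prints accepted entries on stdout and one reason per rejected line on
# stderr. Returns 0 only if every line was accepted.
vet_passwd_file() {
    awk -F: -v min="$MIN_UID" '
        function bad(why) {
            printf "line %d rejected: %s\n", NR, why > "/dev/stderr"
            rc = 1
        }
        NF != 7                   { bad("expected 7 colon-separated fields"); next }
        $1 !~ /^[A-Za-z0-9._-]+$/ { bad("unexpected character in logon name"); next }
        $3 !~ /^[0-9]+$/          { bad("UID is not numeric"); next }
        $3 + 0 < min              { bad("UID below MIN_UID"); next }
        seen[$1]++                { bad("duplicate logon name"); next }
        { print }
        END { exit rc + 0 }
    ' "$1"
}

# log_is_private FILE
# Succeeds only if FILE exists and grants nothing to group or other.
# passwd2sam.log holds every account password, so check it after each run.
# Ownership is not checked here.
log_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Typical use (file names are placeholders):
#   vet_passwd_file candidates.passwd > vetted.passwd &&
#       passwd2sam -l Administrator -p password -i vetted.passwd -o added.passwd
#   log_is_private /var/opt/lanman/dirsync/passwd2sam.log ||
#       echo "passwd2sam.log is readable by non-root users" >&2
```

Running the same vetting over passwd2sam.disabled before a -r run gives a chance to review the list of accounts that mode 3 marked for deletion.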