'\" t .\" @(#)sam2passwd.1m 1.1 11/11/98 SMI .\" Copyright (c) 1999, Sun Microsystems, Inc. .\" All Rights Reserved .TH sam2passwd 1 "30 Oct 1998" .SH NAME sam2passwd \- create a passwd file containing SunLink Server user accounts to add into a Solaris name service .SH SYNOPSIS sam2passwd [-g gid] [-h] -l logon -p password [-s shell] [-t directory_path] [-u uid] [-y password] .PP sam2passwd [-f] [-h] [-i file] -l logon -p password .SH DESCRIPTION The sam2passwd import utility enumerates SunLink Server user accounts and writes out an /etc/passwd passwd(4) formatted file. This file contains SunLink Server user accounts to add into a Solaris name service (FILES, NIS, NIS+). .PP The sam2passwd import utility is a SunLink Server application that bridges Windows NT Domain services with Solaris name services (FILES, NIS, NIS+). The bridge can only be established if you log on to the Windows NT Domain as Administrator and run sam2passwd as superuser. SunLink Server software must be up and running for sam2passwd to execute. .PP sam2passwd supports two modes of operation: .PP 1. Creates an /etc/passwd formatted output file containing non-privileged SunLink Server user accounts to add into a Solaris name service (FILES, NIS, NIS+). .PP 2. Finds deleted SunLink Server user accounts, created using sam2passwd, that have subsequently been deleted from SunLink Server but still exist in a Solaris name service (FILES, NIS, NIS+). .PP Mode 1, the default mode, exports all non-privileged SunLink Server user accounts to an /etc/passwd passwd(4) formatted output file called /var/opt/lanman/dirsync/sam2passwd.passwd. .PP The sam2passwd utility checks each SunLink Server account name against the running Solaris name service (FILES, NIS, NIS+) passwd map. If the account name does not exist in the passwd map, it is written to the output file formatted as an /etc/passwd entry. If the account name exists, or if it is a privileged account, it is skipped and logged as such. .PP Mode 1 produces two output files. The first output file /var/opt/lanman/dirsync/sam2passwd.passwd is an /etc/passwd passwd(4) formatted output file containing a list of SunLink Server user accounts to add into a Solaris name service. The second output file /var/opt/lanman/dirsync/sam2passwd.mapunames is a Bourne shell script. The Bourne shell script is optional functionality that allows you to map SunLink Server user IDs to Solaris user IDs, after the SunLink Server user accounts have been entered into a Solaris name service (FILES, NIS, NIS+). .PP By default, sam2passwd produces randomly generated eight-character alphanumeric passwords for each user account and writes them to the transaction log /var/opt/lanman/dirsync/sam2passwd.log. The -y password option overrides the default behavior allowing an administrator to assign a specific password to all user accounts, or no password at all. .PP The SunLink Server HKLEY_LOCAL_MACHINE registry contains default values for Solaris user's /etc/passwd entry. These default registry key value pairs are located in /SYSTEM/CurrentControlSet/Services/AdvancedServer/UserServiceParameters and /SYSTEM/CurrentControlSet/Services/LanmanServer/Parameters, and contain four fields in an /etc/passwd entry. An administrator can modify the default registry values or override them with sam2passwd invocation parameters. .PP The following are SunLink Server key/value registry pairs used to build each Solaris user's passwd entry. .PP .nf Registry Key Default Value /etc/passwd Field ------------ ------------- ----------------- .fi .PP .nf Exclude 0-100 pw_uid UserComment SunLink Server user pw_gecos userpath c:\\export\\lanman pw_dir NewUserShell /bin/false pw_shell .fi .PP Mode 2 is used to find deleted SunLink Server user accounts, created using sam2passwd, that have subsequently been deleted from SunLink Server but still exist in a Solaris name service (FILES, NIS, NIS+). Using this mode produces an /etc/passwd passwd(4) formatted output file called /var/opt/lanman/dirsync/sam2passwd.deleted that contains a list of deleted SunLink Server user accounts still active in a Solaris name service. The Solaris name service administrator should delete or make inactive each Solaris user account contained in the list. .PP All transactions, errors, and data files are written to /var/opt/lanman/dirsync and prefixed with sam2passwd. .SH OPTIONS .PP The sam2passwd import utility supports the following options: .SS -f Runs sam2passwd in mode 2, finding deleted SunLink Server user accounts, created using sam2passwd, that are still active in a Solaris name service. .PP This option produces an output file called /var/opt/lanman/dirsync/sam2passwd.deleted, formatted the same way as /etc/passwd passwd(4). The output file contains a list of deleted SunLink Server user accounts to delete from a Solaris name service. This option can be used with the -i file argument specified below. You cannot use this option in conjunction with the -s, -t, -u, or -y options. .SS -i file Used with the -f option above, enumerates all Solaris user accounts specified in the input file against all SunLink Server user accounts, looking for deleted SunLink Server user accounts. You cannot use this option in conjunction with the -s, -t, -u, or -y options. .SS -g gid Overrides the SunLink Server default group ID of 10 (for instance, staff::10:) allowing a system administrator to specify a group ID (for instance, -g 99) for all sam2passwd created Solaris user accounts. This option applies to all Solaris user accounts created using sam2passwd. You cannot use this option in conjunction with the -f or -i options. See group(4) man page for details. .SS -h Displays a sam2passwd usage message. .SS -l logon Specifies a SunLink Server logon to the Administrator account, and is required for all operations. .SS -p password Specifies a SunLink Server Administrator account password, and is required for all operations. .SS -s shell Overrides the SunLink Server default shell value of /bin/false stored in the SunLink Server registry. This option allows a system administrator to specify a shell (for example, -s /bin/sh) for all Solaris user accounts created by sam2passwd. This option applies to all Solaris user accounts created by sam2passwd. You cannot use this option in conjunction with the -f or -i options. .SS -t directory_path Overrides the SunLink Server default directory path of c:\\export\\lanman in the SunLink Server registry, allowing a system administrator to specify a home directory path (for instance, -t /export/home). This option applies to all Solaris user accounts created by sam2passwd. You cannot use this option in conjunction with the -f or -i options. .SS -u uid Overrides the SunLink Server default starting user ID. By default, sam2passwd searches for the first unused user ID and starts adding Solaris user accounts at that UID, incrementing by one for each Solaris user account it creates. The SunLink Server registry contains an Exclude parameter where user ID ranges (for example, 0-100) can be excluded from the search. User ID boundaries for sam2passwd have a floor of 100 and a ceiling of LONG_MAX, which are the lower and upper user ID boundaries of Solaris. .PP The -u invocation parameter overrides the sam2passwd default starting user ID, allowing a system administrator to specify a starting user ID (for instance, -u 1000), and incrementing by one for each Solaris user account sam2passwd creates. You cannot use this option in conjunction with the -f or -i options. .SS -y password Overrides the default randomly generated eight-character alphanumeric password and assigns a specified password to all Solaris user accounts created using sam2passwd. Specifying NULL (for instance, -y NULL) assigns no password to user accounts. Specifying a password assigns the specified password to all Solaris user accounts created using sam2passwd. .PP All Solaris user account passwords are written to the sam2passwd transaction log /var/opt/lanman/dirsync/sam2passwd.log. These passwords are readable only by the superuser. You cannot use this option in conjunction with the -f or -i options. .SH EXAMPLES The examples below illustrate sam2passwd's two modes of operation. 1. sam2passwd -l Administrator -p password -u 1000 -t /export/home -s /bin/sh .PP .PP This example creates two output files, /var/opt/lanman/dirsync/sam2passwd.passwd and /var/opt/lanman/dirsync/sam2passwd.mapunames. The sam2passwd.passwd output file contains the SunLink Server user accounts to add into a Solaris name service. The sam2passwd.mapunames output file is an optional Bourne shell script that maps SunLink Server user account IDs to Solaris user account IDs once the SunLink Server user accounts have been added into a Solaris name service. .PP Solaris user account IDs start at 1000 and increment by one for each user account created using sam2passwd. Each user's home directory is located at /export/home and each user will login to Solaris with a Bourne shell. .PP 2. sam2passwd -l Administrator -p password -f -i sam2passwd.passwd .PP This example produces an /etc/passwd formatted output file called /var/opt/lanman/dirsync/sam2passwd.deleted that contains deleted SunLink Server user accounts, that were earlier created by sam2passwd, and have subsequently been deleted from SunLink Server and still exist in the original output file sam2passwd.passwd. (The assumption is that user accounts in sam2passwd.passwd have been entered into a Solaris name service.) The output file named sam2passwd.deleted contains a list of SunLink Server user accounts to delete from a Solaris name service. .SH FILES .PD 1 .TP 30 .B /var/opt/lanman/dirsync/sam2passwd.log .sp .5 sam2passwd transaction log. .PP .PD 1 .TP 30 .B /var/opt/lanman/dirsync/sam2passwd.errors .sp .5 .sp .5 sam2passwd error log. .PP .PD 1 .TP 30 .B /var/opt/lanman/dirsync/sam2passwd.deleted .sp .5 .sp .5 Deleted SunLink Server user accounts active in Solaris. .PP .PD 1 .TP 30 .B /var/opt/lanman/dirsync/sam2passwd.passwd .sp .5 .sp .5 SunLink Server user accounts to be added into a Solaris name service. .PP .PD 1 .TP 30 .B /var/opt/lanman/dirsync/sam2passwd.mapunames .sp .5 .sp .5 Bourne shell script mapping SunLink Server user account IDs to Solaris user account IDs. .PD .SH SEE ALSO passwd(4) group(4) mapuname(1) passwd2sam(1) nisaddent(1M) ypcat(1) nsswitch.conf(4)