Samba4 Patch: newuseradv and newgroupadv scripts for net cmd utlity

Matthias Dieter Wallnöfer mdw at
Fri May 28 01:41:49 MDT 2010

Hi Lukasz,

it's like this:

Lukasz Zalewski wrote:
>> I agree.  net is confusing enough as it is :)
>> e.g.:
>>     password    Changes/Sets the password on a user account [server 
>> connection needed]
>> [...]
>>     setpassword    (Re)sets the password on a user account
The two commands are different in the sense that if there is written 
"[server connection needed]" then it means the call operates over RPC 
("libnet") and needs a running server daemon (locally or remote). The 
RPC calls have the nice side-effect that they should also painless work 
against other DC server types (s3 for example).
But if this phrase is missing then a certain command operates on the 
directory/database level (in our case LDB) and is mainly thought for 
operations on the local server (some do work also remotely over LDAP - 
but this depends).
So this division does make sense: not for every task you have an RPC 
call and/or sometimes you do need direct database access probably also 
with a server down (vampire for a s4 machine).

Well let us now think about "net password"/"net setpassword". Imagine 
you have to reset the administrator password which you forgot. "net 
password" doesn't work since it uses an RPC call with administrative 
authentication in order to do so. Therefore your solution is the use of 
"net setpassword" which is able to directly manipulate the local LDB 
database if you have FS write permissions (generally user "root").
> On the simmilar note,
> there is also
>     newuser        Creates a new user
> [...]
>     user        User management [server connection needed]
Here it's pretty much the same. The first command can directly work on 
the database. The latter one (net user add) does only work over RPCs.

Therefore I would leave "net setpassword" and "net newuser" in since it 
could be essential to create a user or to reset a password without 
server connection.

I hope that my post makes it more understandable. Probably the help 
lines are still not clear enough.


More information about the samba-technical mailing list