Samba4 Patch: newuseradv and newgroupadv scripts for net cmd utlity

Lukasz Zalewski lukas at
Fri May 28 05:34:40 MDT 2010

Hi Matthias,

On 05/28/2010 08:41 AM, Matthias Dieter Wallnöfer wrote:
> Hi Lukasz,
> it's like this:
> Lukasz Zalewski wrote:
>>> I agree. net is confusing enough as it is :)
>>> e.g.:
>>> password Changes/Sets the password on a user account [server
>>> connection needed]
>>> [...]
>>> setpassword (Re)sets the password on a user account
> The two commands are different in the sense that if there is written
> "[server connection needed]" then it means the call operates over RPC
> ("libnet") and needs a running server daemon (locally or remote). The
> RPC calls have the nice side-effect that they should also painless work
> against other DC server types (s3 for example).
> But if this phrase is missing then a certain command operates on the
> directory/database level (in our case LDB) and is mainly thought for
> operations on the local server (some do work also remotely over LDAP -
> but this depends).
> So this division does make sense: not for every task you have an RPC
> call and/or sometimes you do need direct database access probably also
> with a server down (vampire for a s4 machine).
> Well let us now think about "net password"/"net setpassword". Imagine
> you have to reset the administrator password which you forgot. "net
> password" doesn't work since it uses an RPC call with administrative
> authentication in order to do so. Therefore your solution is the use of
> "net setpassword" which is able to directly manipulate the local LDB
> database if you have FS write permissions (generally user "root").
>> On the simmilar note,
>> there is also
>> newuser Creates a new user
>> [...]
>> user User management [server connection needed]
> Here it's pretty much the same. The first command can directly work on
> the database. The latter one (net user add) does only work over RPCs.
> Therefore I would leave "net setpassword" and "net newuser" in since it
> could be essential to create a user or to reset a password without
> server connection.
> I hope that my post makes it more understandable. Probably the help
> lines are still not clear enough.
> Matthias

This makes it much clearer, thank you :)
I have noticed that samba4 net utility did away with rpc (and ads and 
rap) submenus. This makes things a little bit simpler in terms of 
options but it also makes grouping more difficult, i.e.
newuser utility conceptually should be submenu of user.
Would (similarly to old net utility) the following net user structure be 

user	User management
	new 	Creates a new user
	delete	Deletes a user

		new	Creates a new user [server connection needed]
		delete	Deletes a user	   [server connection needed]



More information about the samba-technical mailing list