Maintenance Commands sam2passwd(1M)
NAME
sam2passwd - create a passwd file containing NT Domain user
accounts to add into a Solaris name service
SYNOPSIS
sam2passwd [-g gid] [-h] -l logon [-p password] [-s shell]
[-t directory_path] [-u uid] [-y password] [-D domain] [-I
instance]
sam2passwd [-e] [-h] -l logon [-p password] [-I instance]
DESCRIPTION
The sam2passwd user account migration application reconciles
NT Domain user accounts with user accounts in the active
Solaris name service (FILES, NIS, NIS+, LDAP). This is
accomplished by creating a passwd(4) formatted file of NT
Domain user accounts.
The sam2passwd application bridges Windows NT Domain services
with Solaris name services (FILES, NIS, NIS+, LDAP). The
bridge can only be established if you log on to the NT
domain with an administrative logon and run sam2passwd as
superuser.
sam2passwd supports two modes of operation, both of which
produce a passwd(4) formatted file of non-privileged NT
Domain user accounts to be added to the active Solaris name
service. Beyond this, the modes work as follows:
1. Create both the passwd-formatted file and an optional
Bourne shell script for mapping NT Domain user IDs to
Solaris user names.
2. Create a passwd-formatted log file of NT Domain user
accounts not defined in the active Solaris name service.
Mode 1, the default mode, exports all non-privileged NT
Domain user accounts to a passwd(4) formatted output file
called /var/opt/lanman/dirsync/sam2passwd.passwd.
The sam2passwd user account migration application checks
each Domain user account name against the active Solaris
name service (FILES, NIS, NIS+, LDAP) passwd map. If the
account name does not exist in the passwd map, it is written
to an output file formatted as a passwd(4) entry. If the
account name exists, or is a privileged account, it is
skipped and logged as such.
Mode 1 produces two output files. The first output file
/var/opt/lanman/dirsync/sam2passwd.passwd is a passwd(4)
formatted output file containing a list of Domain user
accounts to add into a Solaris name service. The second
output file /var/opt/lanman/dirsync/sam2passwd.mapunames is
a Bourne shell script that gives you the option of mapping
NT Domain user IDs to Solaris user names, after the Domain
user accounts have been entered into a Solaris name service.
By default, sam2passwd produces randomly generated eight-
character alphanumeric passwords for each user account and
writes them to the transaction log
/var/opt/lanman/dirsync/sam2passwd.log. You can override
this default behavior by using the -y password option to
assign a specific password, or no password, to all user
accounts.
The PC NetLink Server HKEY_LOCAL_MACHINE registry contains
default values for each Solaris user's /etc/passwd entry.
These default registry key/value pairs are located in
/SYSTEM/CurrentControlSet/Services/AdvancedServer/UserServiceParameters
and
/SYSTEM/CurrentControlSet/Services/LanmanServer/Parameters,
and supply four of the fields of an /etc/passwd entry. An
administrator can modify the default registry values or
override them with sam2passwd invocation parameters.
The following are PC NetLink key/value registry pairs used
to build each Solaris user's passwd entry.
Registry Key Default Value /etc/passwd Field
_______________________________________________________
Exclude 0-100 pw_uid
UserComment PC NetLink user name pw_gecos
userpath c:\export\lanman pw_dir
NewUserShell /bin/false pw_shell
Mode 2 finds NT Domain user accounts not defined in the
active Solaris name service (FILES, NIS, NIS+, LDAP). Using
this mode produces a passwd(4) formatted output file called
/var/opt/lanman/dirsync/sam2passwd.enumeration, that contains
all Domain user accounts not defined in the active Solaris
name service. The Solaris name service administrator can use
this output file to add each Domain user to the Solaris name
service.
All transactions, errors, and data files are written to
/var/opt/lanman/dirsync and each entry is prefixed with the
string sam2passwd.
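Both modes reduce to a membership check of each Domain account against the passwd map, and the file they produce is merged into the name service as-is. The shell function below is an added illustration written for this page, not part of PC NetLink: it re-checks a sam2passwd.passwd-style file against the current passwd map before the merge and flags names or UIDs that already exist, UIDs below the floor of 100, duplicates within the file, malformed lines, and empty password fields (the effect of -y NULL). Both sample maps are constructed for the example; what the real output file puts in the password field is not documented on this page and is assumed.

```shell
#!/bin/sh
# check_new_accounts NEW_TEXT EXISTING_TEXT
#   NEW_TEXT      : passwd(4)-formatted entries produced by sam2passwd
#   EXISTING_TEXT : the passwd map of the active name service (getent passwd)
# Prints one line per finding and exits 1 if anything was found, 0 otherwise.
# Example code for this page, not sam2passwd's own implementation.
check_new_accounts() {
    printf '%s\n' "$1" | awk -F: -v existing="$2" '
    function report(msg) {
        bad++
        printf "line %d (%s): %s\n", NR, $1, msg
    }
    BEGIN {
        # Index the names and UIDs already present in the name service.
        n = split(existing, lines, "\n")
        for (i = 1; i <= n; i++)
            if (split(lines[i], f, ":") >= 3) {
                have_name[f[1]] = 1
                have_uid[f[3] + 0] = 1
            }
    }
    {
        if (NF != 7) {
            report("malformed entry, expected 7 colon-separated fields")
            next
        }
        if ($1 in have_name)        report("user name already in name service")
        if (($3 + 0) in have_uid)   report("UID already in name service")
        if ($1 in seen_name)        report("user name duplicated in this file")
        if (($3 + 0) in seen_uid)   report("UID duplicated in this file")
        if ($3 !~ /^[0-9]+$/ || $3 + 0 < 100)
            report("UID below the sam2passwd floor of 100")
        if ($2 == "")
            report("empty password field: account could log in without a password")
        seen_name[$1] = 1
        seen_uid[$3 + 0] = 1
    }
    END { exit (bad > 0) }'
}

# Constructed sample of the passwd map already in the name service.
EXISTING_SAMPLE='root:x:0:1:Super-User:/:/sbin/sh
jdoe:x:1000:10:John Doe:/export/home/jdoe:/bin/sh
build:x:1003:10:Build:/export/home/build:/bin/false'

# Constructed sample in the shape of sam2passwd.passwd (the password
# field contents are assumed; the page does not document them).
NEW_SAMPLE='asmith:Q7x2mR9k:1001:10:PC NetLink user name:/export/home/asmith:/bin/sh
jdoe:Ab3dEf5g:1002:10:PC NetLink user name:/export/home/jdoe:/bin/sh
svc_backup::1003:10:PC NetLink user name:/export/home/svc_backup:/bin/sh
bad entry
guest:X1y2Z3w4:99:10:PC NetLink user name:/export/home/guest:/bin/sh'

# Stand-alone run: list the findings for the constructed sample.
check_new_accounts "$NEW_SAMPLE" "$EXISTING_SAMPLE" || echo "merge blocked: fix the findings above"
```

On a live system the real inputs are the generated file and the active map, for instance check_new_accounts "$(cat /var/opt/lanman/dirsync/sam2passwd.passwd)" "$(getent passwd)"; a non-zero exit status means the file should not be fed to the name service until the reported lines are resolved.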
OPTIONS
The sam2passwd user account migration application supports
the following options:
-e Checks if each non-privileged NT Domain user account is
defined in the active Solaris name service. Each
account not defined in the active Solaris name service
is written as a passwd(4) entry in the output file
/var/opt/lanman/dirsync/sam2passwd.enumeration. You
cannot use this option with the -g, -h, -s, -t, -u, or
-y options.
-g gid
Overrides the Solaris default group ID of 1 (for
instance, other::1:) allowing a system administrator
to specify a group ID (for instance, -g 99) for all
Solaris user accounts created by sam2passwd. You cannot
use this option with the -e or -h options. See
group(4) for details.
-h Displays a help message for sam2passwd.
-l logon
Lets you log on to the domain by specifying the logon
name for a Domain Administrative account, which you
must supply for all sam2passwd operations.
-p password
Specifies a Windows NT Domain Administrative account
password, which you must supply for all sam2passwd
operations. If you omit -p password, then sam2passwd
prompts for an Administrative password. Prefer the
prompt: a password given on the command line is visible
to other users of the system through ps(1) and may be
recorded in the shell history.
-s shell
Overrides the PC NetLink default shell value of
/bin/false stored in the PC NetLink Server registry.
This option allows a system administrator to specify a
shell (for example, -s /bin/sh) for all Solaris user
accounts created by sam2passwd. You cannot use this
option with the -e or -h options.
-t directory_path
Overrides the PC NetLink default directory path of
c:/export/lanman in the PC NetLink Server registry,
allowing a system administrator to specify a home
directory path (for instance, -t /export/home) for all
Solaris user accounts created by sam2passwd. You cannot
use this option with the -e or -h options.
-u uid
Overrides the PC NetLink default starting user ID. By
default, sam2passwd searches for the first unused user
ID and starts adding Solaris user accounts at that UID,
incrementing by one for each Solaris user account it
creates. The PC NetLink registry contains an Exclude
parameter where user ID ranges (for example, 0-100) can
be excluded from the search. User ID boundaries for
sam2passwd have a floor of 100 and a ceiling of
LONG_MAX, which are the user ID boundaries used in
Solaris.
The -u invocation parameter overrides the sam2passwd
default starting user ID, allowing a system administrator
to specify a starting user ID (for instance, -u 1000),
incrementing by one for each Solaris user account
sam2passwd creates. You cannot use this option with the
-e or -h options.
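The allocation rule described above (first unused UID at or above the floor of 100, skipping the registry's Exclude ranges, then one more per account) can be written down as a small function. The block below is an added illustration for this page, not sam2passwd's own code. It also skips UIDs that are already taken after a -u starting point, which the page does not state for -u and is assumed here as the safe behaviour. The passwd sample is constructed.

```shell
#!/bin/sh
# next_free_uids PASSWD_TEXT EXCLUDE START COUNT
#   PASSWD_TEXT : current passwd map (e.g. the output of getent passwd)
#   EXCLUDE     : comma-separated ranges in the registry Exclude form, e.g. "0-100"
#   START       : requested starting UID (the -u value; 0 means no override)
#   COUNT       : how many UIDs to allocate
# Prints COUNT free UIDs, one per line. Example code for this page, not
# sam2passwd's own implementation.
next_free_uids() {
    printf '%s\n' "$1" | awk -F: -v exclude="$2" -v start="$3" -v count="$4" '
    BEGIN {
        floor = 100                       # the floor the page gives for sam2passwd
        n = split(exclude, ranges, ",")
        nr = 0
        for (i = 1; i <= n; i++) {
            if (ranges[i] == "") continue
            nr++
            if (split(ranges[i], b, "-") == 2) { lo[nr] = b[1] + 0; hi[nr] = b[2] + 0 }
            else                               { lo[nr] = ranges[i] + 0; hi[nr] = lo[nr] }
        }
    }
    NF >= 3 { used[$3 + 0] = 1 }          # UIDs already taken in the name service
    END {
        uid = (start + 0 > floor) ? start + 0 : floor
        emitted = 0
        while (emitted < count + 0) {
            ok = !(uid in used)
            for (i = 1; i <= nr && ok; i++)
                if (uid >= lo[i] && uid <= hi[i]) ok = 0
            if (ok) { print uid; emitted++ }
            uid++
        }
    }'
}

# Constructed sample passwd map (not real accounts).
PASSWD_SAMPLE='root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
nobody:x:60001:60001:Nobody:/:
jdoe:x:1000:10:John Doe:/export/home/jdoe:/bin/sh
asmith:x:1001:10:Ann Smith:/export/home/asmith:/bin/sh
build:x:1003:10:Build:/export/home/build:/bin/false'

# Default search (no -u) with the registry default Exclude of 0-100,
# then the equivalent of "-u 1000" for three accounts.
next_free_uids "$PASSWD_SAMPLE" "0-100" 0 1
next_free_uids "$PASSWD_SAMPLE" "0-100" 1000 3
```

With the sample map the default search yields 101 (100 is excluded), and a start of 1000 yields 1002, 1004 and 1005 because 1000, 1001 and 1003 are already taken.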
-y password
Overrides the randomly generated default eight-
character alphanumeric password and assigns the password
you specify to all Solaris user accounts being added by
sam2passwd. Specifying NULL (for instance, -y NULL)
creates accounts without passwords; once merged into the
name service such accounts can be logged into without a
password, so lock them or set passwords before adding
them. A password given with -y is shared by every account
in the batch and should be changed by each user at first
login.
All Solaris user account passwords are written to the
sam2passwd transaction log
/var/opt/lanman/dirsync/sam2passwd.log. These passwords
are readable only by the superuser; remove or otherwise
protect the log once the passwords have been distributed.
You cannot use this option with the -e or -h options.
-D domain
Extracts NT domain accounts from the PDC of the specified
domain.
-I instance
Specifies the PCNL instance name or number. In a
multi-instance environment the instance may be specified
either on the command line or by the environment variable
PCNL_INSTANCE. If there is only one instance configured,
it is not necessary to specify this argument.
EXAMPLES
The examples below illustrate sam2passwd's two modes of
operation.
# sam2passwd -l Administrator -p password -u 1000 -t /export/home -s /bin/sh
This example creates two output files,
/var/opt/lanman/dirsync/sam2passwd.passwd and
/var/opt/lanman/dirsync/sam2passwd.mapunames. The
sam2passwd.passwd output file contains NT Domain user
accounts to add into a Solaris name service. The
sam2passwd.mapunames output file is an optional Bourne
shell script that maps Domain user account IDs to
Solaris user account names. You can run this script
after the NT Domain user accounts have been added into
the Solaris name service.
Solaris user account IDs start at 1000 and increment by
one for each user account created using sam2passwd.
Each user's home directory is located at /export/home
and each user will login to Solaris with a Bourne
shell.
# sam2passwd -l Administrator -p password -e
This example produces a passwd(4) formatted output file
called /var/opt/lanman/dirsync/sam2passwd.enumeration
that contains PC NetLink user accounts not defined in
the active Solaris name service (FILES, NIS, NIS+,
LDAP). The Solaris name service administrator can use
this output file to see which NT Domain user accounts
are not yet defined in the active Solaris name service.
FILES
/var/opt/lanman/dirsync/sam2passwd.log
sam2passwd transaction log.
/var/opt/lanman/dirsync/sam2passwd.errors
sam2passwd error log.
/var/opt/lanman/dirsync/sam2passwd.passwd
PC NetLink user accounts to be added into a
Solaris name service.
/var/opt/lanman/dirsync/sam2passwd.mapunames
Bourne shell script mapping PC NetLink Server
user account IDs to Solaris user account names.
/var/opt/lanman/dirsync/sam2passwd.enumeration
PC NetLink user accounts not defined in the
Solaris name service.
SEE ALSO
passwd(4), group(4), mapuname(1), passwd2sam(1M),
nisaddent(1M), ypcat(1), ldaplist(1), nsswitch.conf(4)