samba-regedit
Edit Samba's Windows-style registry
SYNOPSIS
samba-regedit [options] [command] [arguments]
PARAMETERS
--help
Displays the help message and exits.
--file=<ldb_file>
Specifies the LDB file to operate on. If not specified, it typically defaults to sam.ldb for an AD DC.
--machine
Authenticates using machine credentials. Useful when running on a domain member or DC.
--user=<username>
Specifies the username for authentication. Requires Domain Admin privileges for most operations.
--password=<password>
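Specifies the password for the given username. A password passed on the command line can be recorded in shell history and seen in the process list, so it is often better to omit this option and enter the password when prompted.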
import <filename>
Imports registry data from a specified .reg file. The file content should be in the standard Windows registry format.
export <filename>
Exports the specified registry key or the entire registry to a .reg file.
query <key_path> [<value_name>]
Queries and displays the content of a specific registry key or a named value within it.
add <key_path> <value_name> <type> <data>
Adds a new registry key or a new value to an existing key. <type> can be REG_DWORD, REG_SZ, REG_MULTI_SZ, etc.
set <key_path> <value_name> <data>
Sets (modifies) the data for an existing registry value.
delete <key_path> [<value_name>]
Deletes a specified registry key (and all its subkeys/values) or a specific value within a key.
enum-keys <key_path>
Enumerates and lists all subkeys directly under the specified <key_path>.
enum-values <key_path>
Enumerates and lists all values directly under the specified <key_path>.
DESCRIPTION
samba-regedit is a powerful command-line utility within the Samba suite designed for advanced administrators to directly inspect and modify Samba's internal registry. Unlike the smb.conf file, which handles many common configurations, samba-regedit allows for direct manipulation of registry keys and values that Samba uses for its Active Directory Domain Controller (AD DC) functionality and other internal settings.
It operates on the underlying LDB (Lightweight Directory B-tree) database files (such as sam.ldb) that store Samba's configuration and Active Directory objects. This tool supports operations similar to Windows' Regedit, including importing/exporting .reg files, querying keys, and adding, setting, or deleting values. Due to its direct interaction with critical Samba databases, it should be used with extreme caution and only by experienced users.
CAVEATS
EXTREME CAUTION ADVISED: This tool directly modifies Samba's internal databases. Incorrect usage can lead to data corruption, loss of configuration, or complete failure of Samba services, especially an Active Directory Domain Controller.
Backup First: Always back up your critical LDB files (e.g., /var/lib/samba/private/sam.ldb) before making any changes.
Privileges: Requires root privileges or a Samba Domain Admin account to operate effectively.
Service Restart: Many changes made via samba-regedit will require a restart of Samba services (e.g., samba-ad-dc.service) to take effect.
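Alongside a backup, it helps to review what a .reg file will change before passing it to import. The following is an added example, not part of Samba or of the original page: it parses the standard Windows .reg text format and lists the operations, so deletions can be reviewed first. The function names and the sample keys are constructed for illustration, and it assumes the file has already been decoded to text.

```python
import re

# Constructed sample in standard Windows .reg format; keys and values are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed example data
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Service]
"LogLevel"=dword:00000003
"Banner"="hello"
"Blob"=hex:01,02,\
  03,04
"Obsolete"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\OldService]
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def audit_reg(text):
    """Return a list of (action, key, value_name, kind) a .reg import would perform."""
    # Join continuation lines (trailing backslash) before parsing.
    text = re.sub(r'\\\r?\n[ \t]*', '', text.lstrip('\ufeff'))
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith(';')]
    if not lines or lines[0] not in ('Windows Registry Editor Version 5.00', 'REGEDIT4'):
        raise ValueError('missing .reg header')
    ops, key = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:  # "[-KEY]" deletes the key and everything under it
            key = None if m.group(1) else m.group(2)
            ops.append(('delete-key' if m.group(1) else 'open-key', m.group(2), None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError('unparseable or orphan line: %r' % line)
        name = '(default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = m.group(2)
        if data == '-':  # "name"=- deletes a single value
            ops.append(('delete-value', key, name, None))
        else:
            kind = 'string' if data.startswith('"') else data.split(':', 1)[0]
            ops.append(('set-value', key, name, kind))
    return ops

def destructive(ops):
    """Operations that remove data and deserve review before import."""
    return [op for op in ops if op[0].startswith('delete')]
```

Calling `destructive(audit_reg(text))` on the contents of a .reg file gives the list of key and value deletions to check by hand before the import is run.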
REGISTRY STRUCTURE
Samba's internal registry often emulates parts of the Windows registry hierarchy, especially keys relevant to services, security, and software configurations. Common root keys include HKEY_LOCAL_MACHINE and sometimes HKEY_CURRENT_USER (though the latter is less frequently manipulated via samba-regedit).
LDB BACKEND EXPLAINED
The 'registry' that samba-regedit interacts with is not a traditional flat file but a structured LDB database. samba-regedit translates the familiar registry operations (add, delete, query) into corresponding LDB database operations, making complex LDB manipulation more accessible for users familiar with Windows registry concepts.
COMMON USE CASES
While most Samba configuration is done in smb.conf, samba-regedit is used for specific advanced scenarios such as:
- Enabling/disabling specific internal Samba features not exposed elsewhere.
- Modifying advanced security settings or logging levels.
- Troubleshooting complex Active Directory replication or authentication issues.
- Implementing very specific registry-based group policies or application settings within the AD environment.
HISTORY
With the advent of Samba 4 and its capabilities as an Active Directory Domain Controller, Samba needed a mechanism to manage its own internal 'registry' that mirrored parts of the Windows registry for AD objects and other system-wide settings. This internal data is stored in LDB (Lightweight Directory B-tree) databases. samba-regedit was developed as a command-line interface to provide a familiar 'Regedit'-like experience for administrators to interact with these LDB-backed registry settings, offering direct control over configurations not typically exposed through smb.conf or the simpler net commands. It has been a part of the Samba 4 toolset since its early development to facilitate advanced configuration and troubleshooting for Samba AD DCs.