⚠

Auto-generated content — pending SME review

This content was auto-generated from Fusion SMB documentation and is pending SME review. Please verify accuracy before using in partner-facing contexts.

CLI Tools Reference

Fusion SMB ships with seven command-line utilities for managing, diagnosing, and operating the server. This page provides a support-focused overview of each tool with practical diagnostic workflows.

Tool Summary

Command	Purpose
`tsmb-server`	Start the Fusion SMB server
`tsmb-status`	Query server status and runtime statistics
`tsmb-cfg`	Manage configuration at runtime
`tsmb-passwd`	Manage users and groups (file-backed database)
`tsmb-acls`	Inspect and set Windows-style ACLs on files
`tsmb-privilege`	Grant or revoke Windows privileges
`tsmb-migrate`	Import Winbind ID mappings from Samba

tsmb-server — Server Startup

tsmb-server [<parameter>,...]

Starts the Fusion SMB server process.

Flag	Description
`-B`	Run in background (daemonize)
`-c <path>`	Path to config file (default: `/etc/tsmb.conf`)
`-p`	Persistent configuration mode — makes runtime changes via `tsmb-cfg` survive restarts
`-i <id>`	Server instance ID for persistent FileIDs (useful for non-Corosync clusters)
`-v`	Print version and exit
`-h`	Print help

Support use: Always start troubleshooting by confirming the version:

tsmb-server -v

Check the output against the version lifecycle to verify the customer is running a supported release.

tsmb-status — Server Statistics

tsmb-status [<option>,...] [<subcommand> [<parameter>,...]]

Queries always-on diagnostic metrics from the running server. No configuration is required — statistics are collected automatically.

Option	Description
`stats`	Show server statistics
`stats --category <cat>`	Filter: `all` (default), `connection`, `session`
`stats --format <fmt>`	Output: `tabular` (default) or `json`
`stats --verbose`	Include internal statistics

Diagnostic Workflow: Identify Connected Users

# List all active sessions with connection details
tsmb-status stats --category session --format json | jq '.session[] | {Username, "Session ID", Guest, "Signing required", "Encryption required"}'

Diagnostic Workflow: Check Connection Health

# Capture full stats snapshot for a support case
tsmb-status stats --format json > /tmp/fusion-stats-$(date +%Y%m%d-%H%M%S).json

# Find connections using older dialects
tsmb-status stats --category connection --format json | jq '.connection[] | select(.Dialect != "3.1.1") | {Dialect, "Src Address", "Dst Address"}'

Diagnostic Workflow: Find Slow Operations

# Identify operations with high average duration
tsmb-status stats --format json | jq '.connection[].Operations | to_entries[] | select(.value.Count > 0) | {op: .key, count: .value.Count, total_duration: .value."Total Duration"}'

tsmb-cfg — Runtime Configuration

tsmb-cfg [<option>,...] <command> [<parameter>,...]

Manages server configuration while the server is running. By default, changes are not persistent across restarts unless the server was started with tsmb-server -p.

Common option: -c <path> to specify config file (default: /etc/tsmb.conf).

Global Configuration

Command	Description
`tsmb-cfg global list`	List current global configuration
`tsmb-cfg global list --format json`	List in JSON format
`tsmb-cfg global update <param> <value>`	Update a global parameter

Support use — change log level at runtime:

# Increase verbosity for troubleshooting
sudo tsmb-cfg global update log_level 6

# Target a specific subsystem (idmap debugging)
sudo tsmb-cfg global update log_level "4 idmap:40"

# Revert to production level when done
sudo tsmb-cfg global update log_level 3

Command	Description
`tsmb-cfg share list`	List all configured shares
`tsmb-cfg share list --format json`	List shares in JSON format
`tsmb-cfg share add -n <name> -p <path> [options]`	Add a new share
`tsmb-cfg share del -n <name>`	Remove a share
`tsmb-cfg share update -n <name> <param> <value>`	Update a share parameter

Support use — verify share configuration:

# List all shares and their paths
tsmb-cfg share list --format json | jq '.[] | {name: .netname, path: .path, audit_level: .audit_level}'

tsmb-passwd — User and Group Management

tsmb-passwd [<option>,...] <command> [<parameter>,...]

Manages the file-backed user database. Used when Fusion SMB is not joined to Active Directory, or for managing local service accounts alongside AD.

Command	Description
`--add <user>`	Add a user (`-s` reads password from stdin, `-H` for NT hash, `-G` for guest)
`--update <user>`	Update a user (`-e` enable, `-d` disable, `--create` to upsert)
`--remove <user>`	Remove a user
`--add-member <user> <group>`	Add user to a group
`--remove-member <user> <group>`	Remove user from a group
`--list`	List all users and groups (JSON output)
`--list-members <group>`	List members of a group
`--lookup <name-or-SID>`	Lookup account by name or SID
`--translate`	Convert between SID, UID, and GID
`--group`	With `--add` or `--remove`, operate on groups instead of users

Common option: -c <path> to specify config file.

Support use — check user accounts:

# List all local users
tsmb-passwd --list | jq '.users[]'

# Check if a specific user exists and is enabled
tsmb-passwd --lookup myuser

# Map a POSIX user to a local account
tsmb-passwd --add svcaccount -z posix_user -s <<< "password"

tsmb-acls — ACL Management

tsmb-acls [<option>,...] [<command> [<parameter>,...]]

Inspects and sets Windows-style Access Control Lists on filesystem objects. Essential for diagnosing permission issues.

Command	Description
`--get <path>`	Retrieve ACLs for a file or directory
`--set <path> <SDDL>`	Set ACLs using an SDDL (Security Descriptor Definition Language) string
`--stdin`	Read security descriptor from stdin as hex (with `--get` only)
`--map-acls <method>`	ACL storage method: `xattr:raw` (native Windows) or `xattr:v3` (Samba-compatible)

Support use — diagnose permission issues:

# Check ACLs on a file a user cannot access
tsmb-acls --get /export/share/protected-file.docx

# Check ACLs on a share root directory
tsmb-acls --get /export/share/

The output shows the security descriptor in SDDL format, which encodes the owner, group, and access control entries. Compare against the expected permissions when a user reports "access denied" errors.

tsmb-privilege — Windows Privilege Management

tsmb-privilege [<option>,...] <command> [<parameter>,...]

Controls Windows privileges granted to users. These privileges affect administrative operations on the server.

Command	Description
`grant <privilege> <user>`	Grant a privilege to a user
`revoke <privilege> <user>`	Revoke a privilege from a user
`list`	List all granted privileges

Available Privileges

Privilege	Effect
`SeSecurityPrivilege`	Manage auditing and security logs
`SeTakeOwnershipPrivilege`	Take ownership of files and objects
`TsmbServerOperatorsPrivilege`	Server operator access
`TsmbServerShareOperatorsPrivilege`	Share management access
`TsmbServerOpenOperatorsPrivilege`	Open file operations access
`TsmbServerSessionOperatorsPrivilege`	Session management access

Support use — check privilege grants:

# List all privilege assignments
tsmb-privilege list

# Grant share management to a service account
tsmb-privilege grant TsmbServerShareOperatorsPrivilege DOMAIN\\svcadmin

tsmb-migrate — Winbind ID Migration

tsmb-migrate [<option>,...] [<command> [<parameter>,...]]

Imports Winbind ID mapping databases from Samba backends (tdb or autorid) into Fusion SMB's format. Used during migrations from Samba to Fusion SMB to preserve UID/GID mappings and avoid permission breakage.

Support use: This tool is relevant when a customer is migrating from a Samba deployment and needs to preserve existing identity mappings so that file ownership and permissions remain consistent.

Support Diagnostic Playbook

When a customer reports an issue, use these tools in sequence:

# 1. Confirm version
tsmb-server -v

# 2. Check server is running and capture statistics
tsmb-status stats --format json > /tmp/diag-stats.json

# 3. Review current configuration
tsmb-cfg global list --format json > /tmp/diag-config.json
tsmb-cfg share list --format json > /tmp/diag-shares.json

# 4. If permission issue — check ACLs on affected path
tsmb-acls --get /path/to/problem/file

# 5. If auth issue — check local user database
tsmb-passwd --list
tsmb-privilege list

# 6. Increase log verbosity for active diagnosis
sudo tsmb-cfg global update log_level "6 idmap:40"

# 7. Reproduce the issue, then collect logs
# (see Log Collection & Analysis page)

# 8. Revert log level
sudo tsmb-cfg global update log_level 3

Reference: For complete parameter documentation for each command, see the CLI Reference on docs.tuxera.com.

✍Knowledge Check

1. Which command captures a full statistics snapshot in JSON for a support case?

2. What tool should you use to diagnose a 'permission denied' error on a file?

3. When migrating from Samba, which tool preserves existing UID/GID mappings?

Tool Summary​

tsmb-server — Server Startup​

tsmb-status — Server Statistics​

Diagnostic Workflow: Identify Connected Users​

Diagnostic Workflow: Check Connection Health​

Diagnostic Workflow: Find Slow Operations​

tsmb-cfg — Runtime Configuration​

Global Configuration​

Share Management​

tsmb-passwd — User and Group Management​

tsmb-acls — ACL Management​

tsmb-privilege — Windows Privilege Management​

Available Privileges​

tsmb-migrate — Winbind ID Migration​

Support Diagnostic Playbook​