This content was auto-generated from Fusion SMB documentation and is pending SME review. Please verify accuracy before using in partner-facing contexts.
CLI Tools Reference
Fusion SMB ships with seven command-line utilities for managing, diagnosing, and operating the server. This page provides a support-focused overview of each tool with practical diagnostic workflows.
Tool Summary
| Command | Purpose |
|---|---|
| tsmb-server | Start the Fusion SMB server |
| tsmb-status | Query server status and runtime statistics |
| tsmb-cfg | Manage configuration at runtime |
| tsmb-passwd | Manage users and groups (file-backed database) |
| tsmb-acls | Inspect and set Windows-style ACLs on files |
| tsmb-privilege | Grant or revoke Windows privileges |
| tsmb-migrate | Import Winbind ID mappings from Samba |
tsmb-server — Server Startup
tsmb-server [<parameter>,...]
Starts the Fusion SMB server process.
| Flag | Description |
|---|---|
| -B | Run in background (daemonize) |
| -c <path> | Path to config file (default: /etc/tsmb.conf) |
| -p | Persistent configuration mode — makes runtime changes via tsmb-cfg survive restarts |
| -i <id> | Server instance ID for persistent FileIDs (useful for non-Corosync clusters) |
| -v | Print version and exit |
| -h | Print help |
Support use: Always start troubleshooting by confirming the version:
tsmb-server -v
Check the output against the version lifecycle to verify the customer is running a supported release.
tsmb-status — Server Statistics
tsmb-status [<option>,...] [<subcommand> [<parameter>,...]]
Queries always-on diagnostic metrics from the running server. No configuration is required — statistics are collected automatically.
| Option | Description |
|---|---|
| stats | Show server statistics |
| stats --category <cat> | Filter: all (default), connection, session |
| stats --format <fmt> | Output: tabular (default) or json |
| stats --verbose | Include internal statistics |
Diagnostic Workflow: Identify Connected Users
# List all active sessions with connection details
tsmb-status stats --category session --format json | jq '.session[] | {Username, "Session ID", Guest, "Signing required", "Encryption required"}'
Diagnostic Workflow: Check Connection Health
# Capture full stats snapshot for a support case
tsmb-status stats --format json > /tmp/fusion-stats-$(date +%Y%m%d-%H%M%S).json
# Find connections using older dialects
tsmb-status stats --category connection --format json | jq '.connection[] | select(.Dialect != "3.1.1") | {Dialect, "Src Address", "Dst Address"}'
Diagnostic Workflow: Find Slow Operations
# List per-operation count and total duration; a high total duration relative to count indicates a high average duration
tsmb-status stats --format json | jq '.connection[].Operations | to_entries[] | select(.value.Count > 0) | {op: .key, count: .value.Count, total_duration: .value."Total Duration"}'
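The three workflows above, combined into one pass over a saved snapshot; this is an added example, not Fusion SMB tooling. The JSON field names come from the jq filters on this page, while the value types, the `review` and `truthy` helpers, the `slow_avg` threshold (in whatever unit "Total Duration" uses) and the sample data are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape the jq filters above imply. Value types
# (booleans, numeric durations) are assumptions, not documented output.
SAMPLE = json.loads("""
{
  "session": [
    {"Username": "alice", "Session ID": "0x1", "Guest": false,
     "Signing required": true, "Encryption required": true},
    {"Username": "scanner", "Session ID": "0x2", "Guest": true,
     "Signing required": false, "Encryption required": false}
  ],
  "connection": [
    {"Dialect": "3.1.1", "Src Address": "192.0.2.10", "Dst Address": "192.0.2.1",
     "Operations": {"Read": {"Count": 4, "Total Duration": 20},
                    "Write": {"Count": 0, "Total Duration": 0}}},
    {"Dialect": "2.1", "Src Address": "192.0.2.77", "Dst Address": "192.0.2.1",
     "Operations": {"Read": {"Count": 2, "Total Duration": 900}}}
  ]
}
""")

def truthy(v):
    """Accept booleans or yes/true strings, since the value type is assumed."""
    return v is True or str(v).strip().lower() in ("true", "yes", "1")

def review(stats, slow_avg=100):
    """Return (kind, detail) findings for one parsed stats snapshot."""
    findings = []
    for s in stats.get("session", []):
        who = f'session {s.get("Session ID")} ({s.get("Username")})'
        if truthy(s.get("Guest")):
            findings.append(("guest", who))
        # Encryption also protects integrity, so flag only when neither is required.
        if not truthy(s.get("Signing required")) and not truthy(s.get("Encryption required")):
            findings.append(("no-signing-or-encryption", who))
    for c in stats.get("connection", []):
        src = c.get("Src Address")
        if c.get("Dialect") != "3.1.1":
            findings.append(("old-dialect", f'{src} uses {c.get("Dialect")}'))
        for op, v in c.get("Operations", {}).items():
            count = v.get("Count", 0)
            if count > 0 and v.get("Total Duration", 0) / count > slow_avg:
                findings.append(("slow-op", f"{src} {op}"))
    return findings

if __name__ == "__main__":
    for kind, detail in review(SAMPLE):
        print(f"{kind}: {detail}")
```

To run it against a real capture, replace `SAMPLE` with `json.load(open(path))` on the file written by the snapshot command above.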
tsmb-cfg — Runtime Configuration
tsmb-cfg [<option>,...] <command> [<parameter>,...]
Manages server configuration while the server is running. Changes do not persist across restarts unless the server was started with tsmb-server -p.
Common option: -c <path> to specify config file (default: /etc/tsmb.conf).
Global Configuration
| Command | Description |
|---|---|
| tsmb-cfg global list | List current global configuration |
| tsmb-cfg global list --format json | List in JSON format |
| tsmb-cfg global update <param> <value> | Update a global parameter |
Support use — change log level at runtime:
# Increase verbosity for troubleshooting
sudo tsmb-cfg global update log_level 6
# Target a specific subsystem (idmap debugging)
sudo tsmb-cfg global update log_level "4 idmap:40"
# Revert to production level when done
sudo tsmb-cfg global update log_level 3
Share Management
| Command | Description |
|---|---|
| tsmb-cfg share list | List all configured shares |
| tsmb-cfg share list --format json | List shares in JSON format |
| tsmb-cfg share add -n <name> -p <path> [options] | Add a new share |
| tsmb-cfg share del -n <name> | Remove a share |
| tsmb-cfg share update -n <name> <param> <value> | Update a share parameter |
Support use — verify share configuration:
# List all shares and their paths
tsmb-cfg share list --format json | jq '.[] | {name: .netname, path: .path, audit_level: .audit_level}'
tsmb-passwd — User and Group Management
tsmb-passwd [<option>,...] <command> [<parameter>,...]
Manages the file-backed user database. Used when Fusion SMB is not joined to Active Directory, or for managing local service accounts alongside AD.
| Command | Description |
|---|---|
| --add <user> | Add a user (-s reads password from stdin, -H for NT hash, -G for guest) |
| --update <user> | Update a user (-e enable, -d disable, --create to upsert) |
| --remove <user> | Remove a user |
| --add-member <user> <group> | Add user to a group |
| --remove-member <user> <group> | Remove user from a group |
| --list | List all users and groups (JSON output) |
| --list-members <group> | List members of a group |
| --lookup <name-or-SID> | Lookup account by name or SID |
| --translate | Convert between SID, UID, and GID |
| --group | With --add or --remove, operate on groups instead of users |
Common option: -c <path> to specify config file.
Support use — check user accounts:
# List all local users
tsmb-passwd --list | jq '.users[]'
# Check if a specific user exists and is enabled
tsmb-passwd --lookup myuser
# Map a POSIX user to a local account
tsmb-passwd --add svcaccount -z posix_user -s <<< "password"
tsmb-acls — ACL Management
tsmb-acls [<option>,...] [<command> [<parameter>,...]]
Inspects and sets Windows-style Access Control Lists on filesystem objects. Essential for diagnosing permission issues.
| Command | Description |
|---|---|
| --get <path> | Retrieve ACLs for a file or directory |
| --set <path> <SDDL> | Set ACLs using an SDDL (Security Descriptor Definition Language) string |
| --stdin | Read security descriptor from stdin as hex (with --get only) |
| --map-acls <method> | ACL storage method: xattr:raw (native Windows) or xattr:v3 (Samba-compatible) |
Support use — diagnose permission issues:
# Check ACLs on a file a user cannot access
tsmb-acls --get /export/share/protected-file.docx
# Check ACLs on a share root directory
tsmb-acls --get /export/share/
The output shows the security descriptor in SDDL format, which encodes the owner, group, and access control entries. Compare against the expected permissions when a user reports "access denied" errors.
tsmb-privilege — Windows Privilege Management
tsmb-privilege [<option>,...] <command> [<parameter>,...]
Controls Windows privileges granted to users. These privileges affect administrative operations on the server.
| Command | Description |
|---|---|
| grant <privilege> <user> | Grant a privilege to a user |
| revoke <privilege> <user> | Revoke a privilege from a user |
| list | List all granted privileges |
Available Privileges
| Privilege | Effect |
|---|---|
| SeSecurityPrivilege | Manage auditing and security logs |
| SeTakeOwnershipPrivilege | Take ownership of files and objects |
| TsmbServerOperatorsPrivilege | Server operator access |
| TsmbServerShareOperatorsPrivilege | Share management access |
| TsmbServerOpenOperatorsPrivilege | Open file operations access |
| TsmbServerSessionOperatorsPrivilege | Session management access |
Support use — check privilege grants:
# List all privilege assignments
tsmb-privilege list
# Grant share management to a service account
tsmb-privilege grant TsmbServerShareOperatorsPrivilege DOMAIN\\svcadmin
tsmb-migrate — Winbind ID Migration
tsmb-migrate [<option>,...] [<command> [<parameter>,...]]
Imports Winbind ID mapping databases from Samba backends (tdb or autorid) into Fusion SMB's format. Used during migrations from Samba to Fusion SMB to preserve UID/GID mappings and avoid permission breakage.
Support use: This tool is relevant when a customer is migrating from a Samba deployment and needs to preserve existing identity mappings so that file ownership and permissions remain consistent.
Support Diagnostic Playbook
When a customer reports an issue, use these tools in sequence:
# 1. Confirm version
tsmb-server -v
# 2. Check server is running and capture statistics
tsmb-status stats --format json > /tmp/diag-stats.json
# 3. Review current configuration
tsmb-cfg global list --format json > /tmp/diag-config.json
tsmb-cfg share list --format json > /tmp/diag-shares.json
# 4. If permission issue — check ACLs on affected path
tsmb-acls --get /path/to/problem/file
# 5. If auth issue — check local user database
tsmb-passwd --list
tsmb-privilege list
# 6. Increase log verbosity for active diagnosis
sudo tsmb-cfg global update log_level "6 idmap:40"
# 7. Reproduce the issue, then collect logs
# (see Log Collection & Analysis page)
# 8. Revert log level
sudo tsmb-cfg global update log_level 3
Reference: For complete parameter documentation for each command, see the CLI Reference on docs.tuxera.com.