| 1 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>wbinfo</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="wbinfo"><a name="wbinfo.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>wbinfo — Query information from winbind daemon</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">wbinfo</code> [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [--ccache-save] [--change-user-password] [-D domain] [--domain domain] [--dsgetdcname domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [--gid-info] [--group-info] [--help|-?] [-i user] [-I ip] [-K user%password] [--lanman] [-m] [-n name] [-N netbios-name] [--ntlmv2] [--online-status] [--own-domain] [-p] [-P|--ping-dc] [-r user] [-R|--lookup-rids] [--remove-uid-mapping uid,sid] [--remove-gid-mapping gid,sid] [-s sid] [--separator] [--sequence] [--set-auth-user user%password] [--set-uid-mapping uid,sid] [--set-gid-mapping gid,sid] [-S sid] [--sid-aliases] [--sid-to-fullname] [-t] [-u] [--uid-info uid] [--usage] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [--verbose] [-Y sid]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id307072"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">wbinfo</code> program queries and returns information
|
|---|
| 2 | created and used by the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon. </p><p>The <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon must be configured
|
|---|
| 3 | and running for the <code class="literal">wbinfo</code> program to be able
|
|---|
| 4 | to return information.</p></div><div class="refsect1" title="OPTIONS"><a name="id307121"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-a|--authenticate <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Attempt to authenticate a user via <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>.
|
|---|
| 5 | This checks both authentication methods and reports its results.
|
|---|
| 6 | </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Do not be tempted to use this
|
|---|
| 7 | functionality for authentication in third-party
|
|---|
| 8 | applications. Instead use <a class="citerefentry" href="ntlm_auth.1.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(1)</span></a>.</p></div></dd><dt><span class="term">--allocate-gid</span></dt><dd><p>Get a new GID out of idmap
|
|---|
| 9 | </p></dd><dt><span class="term">--allocate-uid</span></dt><dd><p>Get a new UID out of idmap
|
|---|
| 10 | </p></dd><dt><span class="term">--all-domains</span></dt><dd><p>List all domains (trusted and
|
|---|
| 11 | own domain).
|
|---|
| 12 | </p></dd><dt><span class="term">-c|--change-secret</span></dt><dd><p>Change the trust account password. May be used
|
|---|
| 13 | in conjunction with <code class="option">domain</code> in order to change
|
|---|
| 14 | interdomain trust account passwords.
|
|---|
| 15 | </p></dd><dt><span class="term">--ccache-save <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Store user and password for ccache.
|
|---|
| 16 | </p></dd><dt><span class="term">--change-user-password <em class="replaceable"><code>username</code></em></span></dt><dd><p>Change the password of a user. The old and new password will be prompted.
|
|---|
| 17 | </p></dd><dt><span class="term">--domain <em class="replaceable"><code>name</code></em></span></dt><dd><p>This parameter sets the domain on which any specified
|
|---|
| 18 | operations will performed. If special domain name '.' is used to represent
|
|---|
| 19 | the current domain to which <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> belongs. Currently only the
|
|---|
| 20 | <code class="option">--sequence</code>,
|
|---|
| 21 | <code class="option">-u</code>, and <code class="option">-g</code> options honor this parameter.
|
|---|
| 22 | </p></dd><dt><span class="term">-D|--domain-info <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Show most of the info we have about the
|
|---|
| 23 | specified domain.
|
|---|
| 24 | </p></dd><dt><span class="term">--dsgetdcname <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Find a DC for a domain.
|
|---|
| 25 | </p></dd><dt><span class="term">--gid-info <em class="replaceable"><code>gid</code></em></span></dt><dd><p>Get group info from gid.
|
|---|
| 26 | </p></dd><dt><span class="term">--group-info <em class="replaceable"><code>user</code></em></span></dt><dd><p>Get group info for user.
|
|---|
| 27 | </p></dd><dt><span class="term">-g|--domain-groups</span></dt><dd><p>This option will list all groups available
|
|---|
| 28 | in the Windows NT domain for which the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> daemon is operating in. Groups in all trusted domains
|
|---|
| 29 | will also be listed. Note that this operation does not assign
|
|---|
| 30 | group ids to any groups that have not already been
|
|---|
| 31 | seen by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>. </p></dd><dt><span class="term">--get-auth-user</span></dt><dd><p>Print username and password used by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>
|
|---|
| 32 | during session setup to a domain controller. Username
|
|---|
| 33 | and password can be set using <code class="option">--set-auth-user</code>.
|
|---|
| 34 | Only available for root.</p></dd><dt><span class="term">--getdcname <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Get the DC name for the specified domain.
|
|---|
| 35 | </p></dd><dt><span class="term">-G|--gid-to-sid <em class="replaceable"><code>gid</code></em></span></dt><dd><p>Try to convert a UNIX group id to a Windows
|
|---|
| 36 | NT SID. If the gid specified does not refer to one within
|
|---|
| 37 | the idmap gid range then the operation will fail. </p></dd><dt><span class="term">-?</span></dt><dd><p>Print brief help overview.
|
|---|
| 38 | </p></dd><dt><span class="term">-i|--user-info <em class="replaceable"><code>user</code></em></span></dt><dd><p>Get user info.
|
|---|
| 39 | </p></dd><dt><span class="term">-I|--WINS-by-ip <em class="replaceable"><code>ip</code></em></span></dt><dd><p>The <em class="parameter"><code>-I</code></em> option
|
|---|
| 40 | queries <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to send a node status
|
|---|
| 41 | request to get the NetBIOS name associated with the IP address
|
|---|
| 42 | specified by the <em class="parameter"><code>ip</code></em> parameter.
|
|---|
| 43 | </p></dd><dt><span class="term">-K|--krb5auth <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Attempt to authenticate a user via Kerberos.
|
|---|
| 44 | </p></dd><dt><span class="term">--lanman</span></dt><dd><p>Use lanman cryptography for user authentication.
|
|---|
| 45 | </p></dd><dt><span class="term">-m|--trusted-domains</span></dt><dd><p>Produce a list of domains trusted by the
|
|---|
| 46 | Windows NT server <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> contacts
|
|---|
| 47 | when resolving names. This list does not include the Windows
|
|---|
| 48 | NT domain the server is a Primary Domain Controller for.
|
|---|
| 49 | </p></dd><dt><span class="term">-n|--name-to-sid <em class="replaceable"><code>name</code></em></span></dt><dd><p>The <em class="parameter"><code>-n</code></em> option
|
|---|
| 50 | queries <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> for the SID
|
|---|
| 51 | associated with the name specified. Domain names can be specified
|
|---|
| 52 | before the user name by using the winbind separator character.
|
|---|
| 53 | For example CWDOM1/Administrator refers to the Administrator
|
|---|
| 54 | user in the domain CWDOM1. If no domain is specified then the
|
|---|
| 55 | domain used is the one specified in the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> <em class="parameter"><code>workgroup
|
|---|
| 56 | </code></em> parameter. </p></dd><dt><span class="term">-N|--WINS-by-name <em class="replaceable"><code>name</code></em></span></dt><dd><p>The <em class="parameter"><code>-N</code></em> option
|
|---|
| 57 | queries <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to query the WINS
|
|---|
| 58 | server for the IP address associated with the NetBIOS name
|
|---|
| 59 | specified by the <em class="parameter"><code>name</code></em> parameter.
|
|---|
| 60 | </p></dd><dt><span class="term">--ntlmv2</span></dt><dd><p>Use NTLMv2 cryptography for user authentication.
|
|---|
| 61 | </p></dd><dt><span class="term">--online-status <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Show whether domains are marked as online or
|
|---|
| 62 | offline. An optional domain argument limits the
|
|---|
| 63 | output to the online status of a given domain.
|
|---|
| 64 | </p></dd><dt><span class="term">--own-domain</span></dt><dd><p>List own domain.
|
|---|
| 65 | </p></dd><dt><span class="term">-p|--ping</span></dt><dd><p>Check whether <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> is still alive.
|
|---|
| 66 | Prints out either 'succeeded' or 'failed'.
|
|---|
| 67 | </p></dd><dt><span class="term">-r|--user-groups <em class="replaceable"><code>username</code></em></span></dt><dd><p>Try to obtain the list of UNIX group ids
|
|---|
| 68 | to which the user belongs. This only works for users
|
|---|
| 69 | defined on a Domain Controller.
|
|---|
| 70 | </p></dd><dt><span class="term">-R|--lookup-rids <em class="replaceable"><code>rid1, rid2, rid3...</code></em></span></dt><dd><p>Converts RIDs to names. Uses a comma separated
|
|---|
| 71 | list of rids.
|
|---|
| 72 | </p></dd><dt><span class="term">-s|--sid-to-name <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Use <em class="parameter"><code>-s</code></em> to resolve
|
|---|
| 73 | a SID to a name. This is the inverse of the <em class="parameter"><code>-n
|
|---|
| 74 | </code></em> option above. SIDs must be specified as ASCII strings
|
|---|
| 75 | in the traditional Microsoft format. For example,
|
|---|
| 76 | S-1-5-21-1455342024-3071081365-2475485837-500. </p></dd><dt><span class="term">--separator</span></dt><dd><p>Get the active winbind separator.
|
|---|
| 77 | </p></dd><dt><span class="term">--sequence</span></dt><dd><p>Show sequence numbers of all known domains.
|
|---|
| 78 | </p></dd><dt><span class="term">--set-auth-user <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Store username and password used by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> during session setup to a domain controller. This enables
|
|---|
| 79 | winbindd to operate in a Windows 2000 domain with Restrict
|
|---|
| 80 | Anonymous turned on (a.k.a. Permissions compatible with
|
|---|
| 81 | Windows 2000 servers only).
|
|---|
| 82 | </p></dd><dt><span class="term">-S|--sid-to-uid <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Convert a SID to a UNIX user id. If the SID
|
|---|
| 83 | does not correspond to a UNIX user mapped by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then the operation will fail. </p></dd><dt><span class="term">--sid-aliases <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Get SID aliases for a given SID.
|
|---|
| 84 | </p></dd><dt><span class="term">--sid-to-fullname <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Converts a SID to a full username
|
|---|
| 85 | (DOMAIN\username).
|
|---|
| 86 | </p></dd><dt><span class="term">-t|--check-secret</span></dt><dd><p>Verify that the workstation trust account
|
|---|
| 87 | created when the Samba server is added to the Windows NT
|
|---|
| 88 | domain is working. May be used in conjunction with
|
|---|
| 89 | <code class="option">domain</code> in order to verify interdomain
|
|---|
| 90 | trust accounts.</p></dd><dt><span class="term">-u|--domain-users</span></dt><dd><p>This option will list all users available
|
|---|
| 91 | in the Windows NT domain for which the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is operating in. Users in all trusted domains
|
|---|
| 92 | will also be listed. Note that this operation does not assign
|
|---|
| 93 | user ids to any users that have not already been seen by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>
|
|---|
| 94 | .</p></dd><dt><span class="term">--uid-info <em class="replaceable"><code>uid</code></em></span></dt><dd><p>Get user info for the user connected to
|
|---|
| 95 | user id UID.</p></dd><dt><span class="term">--usage</span></dt><dd><p>Print brief help overview.
|
|---|
| 96 | </p></dd><dt><span class="term">--user-domgroups <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Get user domain groups.
|
|---|
| 97 | </p></dd><dt><span class="term">--user-sids <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Get user group SIDs for user.
|
|---|
| 98 | </p></dd><dt><span class="term">-U|--uid-to-sid <em class="replaceable"><code>uid</code></em></span></dt><dd><p>Try to convert a UNIX user id to a Windows NT
|
|---|
| 99 | SID. If the uid specified does not refer to one within
|
|---|
| 100 | the idmap uid range then the operation will fail. </p></dd><dt><span class="term">--verbose</span></dt><dd><p>
|
|---|
| 101 | Print additional information about the query results.
|
|---|
| 102 | </p></dd><dt><span class="term">-Y|--sid-to-gid <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Convert a SID to a UNIX group id. If the SID
|
|---|
| 103 | does not correspond to a UNIX group mapped by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then
|
|---|
| 104 | the operation will fail. </p></dd><dt><span class="term">--remove-uid-mapping uid,sid</span></dt><dd><p>Remove an existing uid to sid mapping
|
|---|
| 105 | entry from the IDmap backend.</p></dd><dt><span class="term">--remove-gid-mapping gid,sid</span></dt><dd><p>Remove an existing gid to sid
|
|---|
| 106 | mapping entry from the IDmap backend.</p></dd><dt><span class="term">--set-uid-mapping uid,sid</span></dt><dd><p>Create a new or modify an existing uid to sid
|
|---|
| 107 | mapping in the IDmap backend.</p></dd><dt><span class="term">--set-gid-mapping gid,sid</span></dt><dd><p>Create a new or modify an existing gid to sid
|
|---|
| 108 | mapping in the IDmap backend.</p></dd><dt><span class="term">-V|--version</span></dt><dd><p>Prints the program version number.
|
|---|
| 109 | </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
|
|---|
| 110 | </p></dd></dl></div></div><div class="refsect1" title="EXIT STATUS"><a name="id307968"></a><h2>EXIT STATUS</h2><p>The wbinfo program returns 0 if the operation
|
|---|
| 111 | succeeded, or 1 if the operation failed. If the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is not working <code class="literal">wbinfo</code> will always return
|
|---|
| 112 | failure. </p></div><div class="refsect1" title="VERSION"><a name="id307992"></a><h2>VERSION</h2><p>This man page is correct for version 3 of
|
|---|
| 113 | the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id308002"></a><h2>SEE ALSO</h2><p><a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> and <a class="citerefentry" href="ntlm_auth.1.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(1)</span></a></p></div><div class="refsect1" title="AUTHOR"><a name="id308025"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
|
|---|
| 114 | were created by Andrew Tridgell. Samba is now developed
|
|---|
| 115 | by the Samba Team as an Open Source project similar
|
|---|
| 116 | to the way the Linux kernel is developed.</p><p><code class="literal">wbinfo</code> and <code class="literal">winbindd</code>
|
|---|
| 117 | were written by Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done
|
|---|
| 118 | by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
|
|---|
| 119 | 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
|
|---|
