wbinfo
Query information from winbind daemon
see also :
winbindd - ntlm_auth
Synopsis
wbinfo
[-a user%password]
[--all-domains]
[--allocate-gid]
[--allocate-uid] [-c]
[--ccache-save]
[--change-user-password]
[-D domain] [--domain domain]
[--dsgetdcname domain] [-g]
[--getdcname domain]
[--get-auth-user]
[-G gid] [--gid-info]
[--group-info]
[--help|-?] [-i user]
[-I ip] [-K user%password]
[--lanman] [-m] [-n name]
[-N netbios-name] [--ntlmv2]
[--online-status]
[--own-domain] [-p]
[-P|--ping-dc] [-r user]
[-R|--lookup-rids]
[-s sid] [--separator]
[--set-auth-user user%password]
[-S sid] [--sid-aliases]
[--sid-to-fullname] [-t]
[-u] [--uid-info uid]
[--usage]
[--user-domgroups sid]
[--user-sids sid] [-U uid]
[-V] [--verbose] [-Y sid]
add an example, a script, a trick and tips
examples
no example yet ...
... Feel free to add your own example above to help other Linux-lovers !
description
This tool is
part of the samba(7) suite.
The wbinfo
program queries and returns information created and used by
the winbindd(8) daemon.
The
winbindd(8) daemon must be configured and running for
the wbinfo program to be able to return information.
options
-a|--authenticate
username%password
Attempt to authenticate a user
via winbindd(8). This checks both authentication
methods and reports its results.
Note
Do not be tempted to use this functionality for
authentication in third-party applications. Instead
use ntlm_auth(1).
--allocate-gid
Get a new GID out of
idmap
--allocate-uid
Get a new UID out of
idmap
--all-domains
List all domains (trusted
and own domain).
-c|--change-secret
Change the trust account
password. May be used in conjunction with domain in
order to change interdomain trust account
passwords.
--ccache-save
username%password
Store user and password
for ccache.
--change-user-password
username
Change the password of a
user. The old and new password will be prompted.
--domain
name
This parameter sets the
domain on which any specified operations will performed. If
special domain name ´.´ is used to represent the
current domain to which winbindd(8) belongs.
Currently only the -u, and -g
options honor this parameter.
-D|--domain-info
domain
Show most of the info we
have about the specified domain.
--dsgetdcname
domain
Find a DC for a
domain.
--gid-info
gid
Get group info from
gid.
--group-info
user
Get group info for
user.
-g|--domain-groups
This option will list all
groups available in the Windows NT domain for which the
samba(7) daemon is operating in. Groups in all
trusted domains will also be listed. Note that this
operation does not assign group ids to any groups that have
not already been seen by winbindd(8).
--get-auth-user
Print username and
password used by winbindd(8) during session setup to
a domain controller. Username and password can be set using
--set-auth-user. Only
available for root.
--getdcname
domain
Get the DC name for the
specified domain.
-G|--gid-to-sid
gid
Try to convert a UNIX
group id to a Windows NT SID. If the gid specified does not
refer to one within the idmap gid range then the operation
will fail.
-?
Print brief help
overview.
-i|--user-info
user
Get user info.
-I|--WINS-by-ip
ip
The -I option
queries winbindd(8) to send a node status request to
get the NetBIOS name associated with the IP address
specified by the ip parameter.
-K|--krb5auth
username%password
Attempt to authenticate a
user via Kerberos.
--lanman
Use lanman cryptography
for user authentication.
-m|--trusted-domains
Produce a list of domains
trusted by the Windows NT server winbindd(8) contacts
when resolving names. This list does not include the Windows
NT domain the server is a Primary Domain Controller
for.
-n|--name-to-sid
name
The -n option
queries winbindd(8) for the SID associated with the
name specified. Domain names can be specified before the
user name by using the winbind separator character. For
example CWDOM1/Administrator refers to the Administrator
user in the domain CWDOM1. If no domain is specified then
the domain used is the one specified in the
smb.conf(5) workgroup parameter.
-N|--WINS-by-name
name
The -N option
queries winbindd(8) to query the WINS server for the
IP address associated with the NetBIOS name specified by the
name parameter.
--ntlmv2
Use NTLMv2 cryptography
for user authentication.
--online-status
domain
Show whether domains are
marked as online or offline. An optional domain argument
limits the output to the online status of a given
domain.
--own-domain
List own domain.
-p|--ping
Check whether
winbindd(8) is still alive. Prints out either
´succeeded´ or ´failed´.
-P|--ping-dc
Issue a no-effect
command to our DC. This checks if our secure channel
connection to our domain controller is still alive. It has
much less impact than wbinfo -t.
-r|--user-groups
username
Try to obtain the list of
UNIX group ids to which the user belongs. This only works
for users defined on a Domain Controller.
-R|--lookup-rids
rid1, rid2, rid3...
Converts RIDs to names.
Uses a comma separated list of rids.
-s|--sid-to-name
sid
Use -s to
resolve a SID to a name. This is the inverse of the
-n option above. SIDs must be specified as
ASCII strings in the traditional Microsoft format. For
example,
S-1-5-21-1455342024-3071081365-2475485837-500.
--separator
Get the active winbind
separator.
--set-auth-user
username%password
Store username and
password used by winbindd(8) during session setup to
a domain controller. This enables winbindd to operate in a
Windows 2000 domain with Restrict Anonymous turned on
(a.k.a. Permissions compatible with Windows 2000 servers
only).
-S|--sid-to-uid
sid
Convert a SID to a UNIX
user id. If the SID does not correspond to a UNIX user
mapped by winbindd(8) then the operation will
fail.
--sid-aliases
sid
Get SID aliases for a
given SID.
--sid-to-fullname
sid
Converts a SID to a full
username (DOMAIN\username).
-t|--check-secret
Verify that the
workstation trust account created when the Samba server is
added to the Windows NT domain is working. May be used in
conjunction with domain in order to verify
interdomain trust accounts.
-u|--domain-users
This option will list all
users available in the Windows NT domain for which the
winbindd(8) daemon is operating in. Users in all
trusted domains will also be listed. Note that this
operation does not assign user ids to any users that have
not already been seen by winbindd(8) .
--uid-info
uid
Get user info for the user
connected to user id UID.
--usage
Print brief help
overview.
--user-domgroups
sid
Get user domain
groups.
--user-sids
sid
Get user group SIDs for
user.
-U|--uid-to-sid
uid
Try to convert a UNIX user
id to a Windows NT SID. If the uid specified does not refer
to one within the idmap range then the operation will
fail.
--verbose
Print additional
information about the query results.
-Y|--sid-to-gid
sid
Convert a SID to a UNIX
group id. If the SID does not correspond to a UNIX group
mapped by winbindd(8) then the operation will
fail.
-V|--version
Prints the program version
number.
-h|--help
Print a summary of command
line options.
exit status
The wbinfo program returns 0 if the operation succeeded, or 1 if
the operation failed. If the winbindd(8) daemon is not
working wbinfo will always return failure.
version
This man page is correct for version 3 of the Samba suite.
see also
winbindd
and ntlm_auth
author
The
original Samba software and related utilities were created
by Andrew Tridgell. Samba is now developed by the Samba Team
as an Open Source project similar to the way the Linux
kernel is developed.
wbinfo and
winbindd were written by Tim Potter.
The
conversion to DocBook for Samba 2.2 was done by Gerald
Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
done by Alexander Bokovoy.