You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
118 lines
16 KiB
HTML
118 lines
16 KiB
HTML
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>wbinfo</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" title="wbinfo"><a name="wbinfo.1"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>wbinfo — Query information from winbind daemon</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">wbinfo</code> [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c] [--ccache-save] [--change-user-password] [-D domain] [--domain domain] [--dsgetdcname domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid] [--gid-info] [--group-info] [--help|-?] [-i user] [-I ip] [-K user%password] [--lanman] [-m] [-n name] [-N netbios-name] [--ntlmv2] [--online-status] [--own-domain] [-p] [-P|--ping-dc] [-r user] [-R|--lookup-rids] [-s sid] [--separator] [--set-auth-user user%password] [-S sid] [--sid-aliases] [--sid-to-fullname] [-t] [-u] [--uid-info uid] [--usage] [--user-domgroups sid] [--user-sids sid] [-U uid] [-V] [--verbose] [-Y sid]</p></div></div><div class="refsect1" title="DESCRIPTION"><a name="id265981"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> suite.</p><p>The <code class="literal">wbinfo</code> program queries and returns information
|
|
created and used by the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon. </p><p>The <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon must be configured
|
|
and running for the <code class="literal">wbinfo</code> program to be able
|
|
to return information.</p></div><div class="refsect1" title="OPTIONS"><a name="id307086"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-a|--authenticate <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Attempt to authenticate a user via <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>.
|
|
This checks both authentication methods and reports its results.
|
|
</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Do not be tempted to use this
|
|
functionality for authentication in third-party
|
|
applications. Instead use <a class="citerefentry" href="ntlm_auth.1.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(1)</span></a>.</p></div></dd><dt><span class="term">--allocate-gid</span></dt><dd><p>Get a new GID out of idmap
|
|
</p></dd><dt><span class="term">--allocate-uid</span></dt><dd><p>Get a new UID out of idmap
|
|
</p></dd><dt><span class="term">--all-domains</span></dt><dd><p>List all domains (trusted and
|
|
own domain).
|
|
</p></dd><dt><span class="term">-c|--change-secret</span></dt><dd><p>Change the trust account password. May be used
|
|
in conjunction with <code class="option">domain</code> in order to change
|
|
interdomain trust account passwords.
|
|
</p></dd><dt><span class="term">--ccache-save <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Store user and password for ccache.
|
|
</p></dd><dt><span class="term">--change-user-password <em class="replaceable"><code>username</code></em></span></dt><dd><p>Change the password of a user. The old and new password will be prompted.
|
|
</p></dd><dt><span class="term">--domain <em class="replaceable"><code>name</code></em></span></dt><dd><p>This parameter sets the domain on which any specified
|
|
operations will performed. If special domain name '.' is used to represent
|
|
the current domain to which <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> belongs. Currently only the
|
|
<code class="option">-u</code>, and <code class="option">-g</code> options honor this parameter.
|
|
</p></dd><dt><span class="term">-D|--domain-info <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Show most of the info we have about the
|
|
specified domain.
|
|
</p></dd><dt><span class="term">--dsgetdcname <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Find a DC for a domain.
|
|
</p></dd><dt><span class="term">--gid-info <em class="replaceable"><code>gid</code></em></span></dt><dd><p>Get group info from gid.
|
|
</p></dd><dt><span class="term">--group-info <em class="replaceable"><code>user</code></em></span></dt><dd><p>Get group info for user.
|
|
</p></dd><dt><span class="term">-g|--domain-groups</span></dt><dd><p>This option will list all groups available
|
|
in the Windows NT domain for which the <a class="citerefentry" href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a> daemon is operating in. Groups in all trusted domains
|
|
will also be listed. Note that this operation does not assign
|
|
group ids to any groups that have not already been
|
|
seen by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>. </p></dd><dt><span class="term">--get-auth-user</span></dt><dd><p>Print username and password used by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>
|
|
during session setup to a domain controller. Username
|
|
and password can be set using <code class="option">--set-auth-user</code>.
|
|
Only available for root.</p></dd><dt><span class="term">--getdcname <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Get the DC name for the specified domain.
|
|
</p></dd><dt><span class="term">-G|--gid-to-sid <em class="replaceable"><code>gid</code></em></span></dt><dd><p>Try to convert a UNIX group id to a Windows
|
|
NT SID. If the gid specified does not refer to one within
|
|
the idmap gid range then the operation will fail. </p></dd><dt><span class="term">-?</span></dt><dd><p>Print brief help overview.
|
|
</p></dd><dt><span class="term">-i|--user-info <em class="replaceable"><code>user</code></em></span></dt><dd><p>Get user info.
|
|
</p></dd><dt><span class="term">-I|--WINS-by-ip <em class="replaceable"><code>ip</code></em></span></dt><dd><p>The <em class="parameter"><code>-I</code></em> option
|
|
queries <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to send a node status
|
|
request to get the NetBIOS name associated with the IP address
|
|
specified by the <em class="parameter"><code>ip</code></em> parameter.
|
|
</p></dd><dt><span class="term">-K|--krb5auth <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Attempt to authenticate a user via Kerberos.
|
|
</p></dd><dt><span class="term">--lanman</span></dt><dd><p>Use lanman cryptography for user authentication.
|
|
</p></dd><dt><span class="term">-m|--trusted-domains</span></dt><dd><p>Produce a list of domains trusted by the
|
|
Windows NT server <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> contacts
|
|
when resolving names. This list does not include the Windows
|
|
NT domain the server is a Primary Domain Controller for.
|
|
</p></dd><dt><span class="term">-n|--name-to-sid <em class="replaceable"><code>name</code></em></span></dt><dd><p>The <em class="parameter"><code>-n</code></em> option
|
|
queries <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> for the SID
|
|
associated with the name specified. Domain names can be specified
|
|
before the user name by using the winbind separator character.
|
|
For example CWDOM1/Administrator refers to the Administrator
|
|
user in the domain CWDOM1. If no domain is specified then the
|
|
domain used is the one specified in the <a class="citerefentry" href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> <em class="parameter"><code>workgroup
|
|
</code></em> parameter. </p></dd><dt><span class="term">-N|--WINS-by-name <em class="replaceable"><code>name</code></em></span></dt><dd><p>The <em class="parameter"><code>-N</code></em> option
|
|
queries <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to query the WINS
|
|
server for the IP address associated with the NetBIOS name
|
|
specified by the <em class="parameter"><code>name</code></em> parameter.
|
|
</p></dd><dt><span class="term">--ntlmv2</span></dt><dd><p>Use NTLMv2 cryptography for user authentication.
|
|
</p></dd><dt><span class="term">--online-status <em class="replaceable"><code>domain</code></em></span></dt><dd><p>Show whether domains are marked as online or
|
|
offline. An optional domain argument limits the
|
|
output to the online status of a given domain.
|
|
</p></dd><dt><span class="term">--own-domain</span></dt><dd><p>List own domain.
|
|
</p></dd><dt><span class="term">-p|--ping</span></dt><dd><p>Check whether <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> is still alive.
|
|
Prints out either 'succeeded' or 'failed'.
|
|
</p></dd><dt><span class="term">-P|--ping-dc</span></dt><dd><p>Issue a no-effect command to our DC. This
|
|
checks if our secure channel connection to our domain
|
|
controller is still alive. It has much less impact than
|
|
wbinfo -t.
|
|
</p></dd><dt><span class="term">-r|--user-groups <em class="replaceable"><code>username</code></em></span></dt><dd><p>Try to obtain the list of UNIX group ids
|
|
to which the user belongs. This only works for users
|
|
defined on a Domain Controller.
|
|
</p></dd><dt><span class="term">-R|--lookup-rids <em class="replaceable"><code>rid1, rid2, rid3...</code></em></span></dt><dd><p>Converts RIDs to names. Uses a comma separated
|
|
list of rids.
|
|
</p></dd><dt><span class="term">-s|--sid-to-name <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Use <em class="parameter"><code>-s</code></em> to resolve
|
|
a SID to a name. This is the inverse of the <em class="parameter"><code>-n
|
|
</code></em> option above. SIDs must be specified as ASCII strings
|
|
in the traditional Microsoft format. For example,
|
|
S-1-5-21-1455342024-3071081365-2475485837-500. </p></dd><dt><span class="term">--separator</span></dt><dd><p>Get the active winbind separator.
|
|
</p></dd><dt><span class="term">--set-auth-user <em class="replaceable"><code>username%password</code></em></span></dt><dd><p>Store username and password used by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> during session setup to a domain controller. This enables
|
|
winbindd to operate in a Windows 2000 domain with Restrict
|
|
Anonymous turned on (a.k.a. Permissions compatible with
|
|
Windows 2000 servers only).
|
|
</p></dd><dt><span class="term">-S|--sid-to-uid <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Convert a SID to a UNIX user id. If the SID
|
|
does not correspond to a UNIX user mapped by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then the operation will fail. </p></dd><dt><span class="term">--sid-aliases <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Get SID aliases for a given SID.
|
|
</p></dd><dt><span class="term">--sid-to-fullname <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Converts a SID to a full username
|
|
(DOMAIN\username).
|
|
</p></dd><dt><span class="term">-t|--check-secret</span></dt><dd><p>Verify that the workstation trust account
|
|
created when the Samba server is added to the Windows NT
|
|
domain is working. May be used in conjunction with
|
|
<code class="option">domain</code> in order to verify interdomain
|
|
trust accounts.</p></dd><dt><span class="term">-u|--domain-users</span></dt><dd><p>This option will list all users available
|
|
in the Windows NT domain for which the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is operating in. Users in all trusted domains
|
|
will also be listed. Note that this operation does not assign
|
|
user ids to any users that have not already been seen by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>
|
|
.</p></dd><dt><span class="term">--uid-info <em class="replaceable"><code>uid</code></em></span></dt><dd><p>Get user info for the user connected to
|
|
user id UID.</p></dd><dt><span class="term">--usage</span></dt><dd><p>Print brief help overview.
|
|
</p></dd><dt><span class="term">--user-domgroups <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Get user domain groups.
|
|
</p></dd><dt><span class="term">--user-sids <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Get user group SIDs for user.
|
|
</p></dd><dt><span class="term">-U|--uid-to-sid <em class="replaceable"><code>uid</code></em></span></dt><dd><p>Try to convert a UNIX user id to a Windows NT
|
|
SID. If the uid specified does not refer to one within
|
|
the idmap range then the operation will fail. </p></dd><dt><span class="term">--verbose</span></dt><dd><p>
|
|
Print additional information about the query results.
|
|
</p></dd><dt><span class="term">-Y|--sid-to-gid <em class="replaceable"><code>sid</code></em></span></dt><dd><p>Convert a SID to a UNIX group id. If the SID
|
|
does not correspond to a UNIX group mapped by <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then
|
|
the operation will fail. </p></dd><dt><span class="term">-V|--version</span></dt><dd><p>Prints the program version number.
|
|
</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
|
|
</p></dd></dl></div></div><div class="refsect1" title="EXIT STATUS"><a name="id307884"></a><h2>EXIT STATUS</h2><p>The wbinfo program returns 0 if the operation
|
|
succeeded, or 1 if the operation failed. If the <a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is not working <code class="literal">wbinfo</code> will always return
|
|
failure. </p></div><div class="refsect1" title="VERSION"><a name="id307908"></a><h2>VERSION</h2><p>This man page is correct for version 3 of
|
|
the Samba suite.</p></div><div class="refsect1" title="SEE ALSO"><a name="id307918"></a><h2>SEE ALSO</h2><p><a class="citerefentry" href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> and <a class="citerefentry" href="ntlm_auth.1.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(1)</span></a></p></div><div class="refsect1" title="AUTHOR"><a name="id307941"></a><h2>AUTHOR</h2><p>The original Samba software and related utilities
|
|
were created by Andrew Tridgell. Samba is now developed
|
|
by the Samba Team as an Open Source project similar
|
|
to the way the Linux kernel is developed.</p><p><code class="literal">wbinfo</code> and <code class="literal">winbindd</code>
|
|
were written by Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done
|
|
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
|
|
3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
|