1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
3 <refentry id="wbinfo.1">
6 <refentrytitle>wbinfo</refentrytitle>
7 <manvolnum>1</manvolnum>
12 <refname>wbinfo</refname>
13 <refpurpose>Query information from winbind daemon</refpurpose>
18 <command>wbinfo</command>
19 <arg choice="opt">-a user%password</arg>
20 <arg choice="opt">--all-domains</arg>
21 <arg choice="opt">--allocate-gid</arg>
22 <arg choice="opt">--allocate-uid</arg>
23 <arg choice="opt">-D domain</arg>
24 <arg choice="opt">--domain domain</arg>
25 <arg choice="opt">-g</arg>
26 <arg choice="opt">--getdcname domain</arg>
27 <arg choice="opt">--get-auth-user</arg>
28 <arg choice="opt">-G gid</arg>
29 <arg choice="opt">-h</arg>
30 <arg choice="opt">-i user</arg>
31 <arg choice="opt">-I ip</arg>
32 <arg choice="opt">-K user%password</arg>
33 <arg choice="opt">-m</arg>
34 <arg choice="opt">-n name</arg>
35 <arg choice="opt">-N netbios-name</arg>
36 <arg choice="opt">--own-domain</arg>
37 <arg choice="opt">-p</arg>
38 <arg choice="opt">-r user</arg>
39 <arg choice="opt">-s sid</arg>
40 <arg choice="opt">--separator</arg>
41 <arg choice="opt">--sequence</arg>
42 <arg choice="opt">--set-auth-user user%password</arg>
43 <arg choice="opt">-S sid</arg>
44 <arg choice="opt">-t</arg>
45 <arg choice="opt">-u</arg>
46 <arg choice="opt">--uid-info uid</arg>
47 <arg choice="opt">--user-domgroups sid</arg>
48 <arg choice="opt">--user-sids sid</arg>
49 <arg choice="opt">-U uid</arg>
50 <arg choice="opt">-V</arg>
51 <arg choice="opt">-Y sid</arg>
52 <arg choice="opt">--verbose</arg>
57 <title>DESCRIPTION</title>
59 <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
60 <manvolnum>7</manvolnum></citerefentry> suite.</para>
62 <para>The <command>wbinfo</command> program queries and returns information
63 created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle>
64 <manvolnum>8</manvolnum></citerefentry> daemon. </para>
66 <para>The <citerefentry><refentrytitle>winbindd</refentrytitle>
67 <manvolnum>8</manvolnum></citerefentry> daemon must be configured
68 and running for the <command>wbinfo</command> program to be able
69 to return information.</para>
73 <title>OPTIONS</title>
77 <term>-a|--authenticate username%password</term>
78 <listitem><para>Attempt to authenticate a user via winbindd.
79 This checks both authenticaion methods and reports its results.
80 </para><note><para>Do not be tempted to use this
81 functionality for authentication in third-party
82 applications. Instead use <citerefentry><refentrytitle>ntlm_auth</refentrytitle>
83 <manvolnum>1</manvolnum></citerefentry>.</para></note></listitem>
87 <term>--allocate-gid</term>
88 <listitem><para>Get a new GID out of idmap
93 <term>--allocate-uid</term>
94 <listitem><para>Get a new UID out of idmap
99 <term>--all-domains</term>
100 <listitem><para>List all domains (trusted and
106 <term>--domain name</term>
107 <listitem><para>This parameter sets the domain on which any specified
108 operations will performed. If special domain name '.' is used to represent
109 the current domain to which winbindd belongs. Currently only the
110 <option>--sequence</option>,
111 <option>-u</option>, and <option>-g</option> options honor this parameter.
116 <term>-D|--domain-info domain</term>
117 <listitem><para>Show most of the info we have about the domain.
122 <term>-g|--domain-groups</term>
123 <listitem><para>This option will list all groups available
124 in the Windows NT domain for which the <citerefentry><refentrytitle>samba</refentrytitle>
125 <manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains
126 will also be listed. Note that this operation does not assign
127 group ids to any groups that have not already been
128 seen by <citerefentry><refentrytitle>winbindd</refentrytitle>
129 <manvolnum>8</manvolnum></citerefentry>. </para></listitem>
133 <term>--get-auth-user</term>
134 <listitem><para>Print username and password used by winbindd
135 during session setup to a domain controller. Username
136 and password can be set using <option>--set-auth-user</option>.
137 Only available for root.</para></listitem>
141 <term>--getdcname domain</term>
142 <listitem><para>Get the DC name for the specified domain.
147 <term>-G|--gid-to-sid gid</term>
148 <listitem><para>Try to convert a UNIX group id to a Windows
149 NT SID. If the gid specified does not refer to one within
150 the idmap gid range then the operation will fail. </para></listitem>
154 <term>-i|--user-info user</term>
155 <listitem><para>Get user info.
160 <term>-I|--WINS-by-ip ip</term>
161 <listitem><para>The <parameter>-I</parameter> option
162 queries <citerefentry><refentrytitle>winbindd</refentrytitle>
163 <manvolnum>8</manvolnum></citerefentry> to send a node status
164 request to get the NetBIOS name associated with the IP address
165 specified by the <parameter>ip</parameter> parameter.
170 <term>-K|--krb5auth username%password</term>
171 <listitem><para>Attempt to authenticate a user via Kerberos.
176 <term>-m|--trusted-domains</term>
177 <listitem><para>Produce a list of domains trusted by the
178 Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle>
179 <manvolnum>8</manvolnum></citerefentry> contacts
180 when resolving names. This list does not include the Windows
181 NT domain the server is a Primary Domain Controller for.
186 <term>-n|--name-to-sid name</term>
187 <listitem><para>The <parameter>-n</parameter> option
188 queries <citerefentry><refentrytitle>winbindd</refentrytitle>
189 <manvolnum>8</manvolnum></citerefentry> for the SID
190 associated with the name specified. Domain names can be specified
191 before the user name by using the winbind separator character.
192 For example CWDOM1/Administrator refers to the Administrator
193 user in the domain CWDOM1. If no domain is specified then the
194 domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
195 <manvolnum>5</manvolnum></citerefentry> <parameter>workgroup
196 </parameter> parameter. </para></listitem>
200 <term>-N|--WINS-by-name name</term>
201 <listitem><para>The <parameter>-N</parameter> option
202 queries <citerefentry><refentrytitle>winbindd</refentrytitle>
203 <manvolnum>8</manvolnum></citerefentry> to query the WINS
204 server for the IP address associated with the NetBIOS name
205 specified by the <parameter>name</parameter> parameter.
210 <term>--own-domain</term>
211 <listitem><para>List own domain.
216 <term>-p|--ping</term>
217 <listitem><para>Check whether winbindd is still alive.
218 Prints out either 'succeeded' or 'failed'.
223 <term>-r|--user-groups username</term>
224 <listitem><para>Try to obtain the list of UNIX group ids
225 to which the user belongs. This only works for users
226 defined on a Domain Controller.
231 <term>-s|--sid-to-name sid</term>
232 <listitem><para>Use <parameter>-s</parameter> to resolve
233 a SID to a name. This is the inverse of the <parameter>-n
234 </parameter> option above. SIDs must be specified as ASCII strings
235 in the traditional Microsoft format. For example,
236 S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem>
240 <term>--separator</term>
241 <listitem><para>Get the active winbind separator.
246 <term>--sequence</term>
247 <listitem><para>Show sequence numbers of
248 all known domains</para></listitem>
252 <term>--set-auth-user username%password</term>
253 <listitem><para>Store username and password used by winbindd
254 during session setup to a domain controller. This enables
255 winbindd to operate in a Windows 2000 domain with Restrict
256 Anonymous turned on (a.k.a. Permissions compatible with
257 Windows 2000 servers only).
262 <term>-S|--sid-to-uid sid</term>
263 <listitem><para>Convert a SID to a UNIX user id. If the SID
264 does not correspond to a UNIX user mapped by <citerefentry>
265 <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
266 </citerefentry> then the operation will fail. </para></listitem>
270 <term>-t|--check-secret</term>
271 <listitem><para>Verify that the workstation trust account
272 created when the Samba server is added to the Windows NT
273 domain is working. </para></listitem>
277 <term>-u|--domain-users</term>
278 <listitem><para>This option will list all users available
279 in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle>
280 <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains
281 will also be listed. Note that this operation does not assign
282 user ids to any users that have not already been seen by <citerefentry>
283 <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
288 <term>--uid-info UID</term>
289 <listitem><para>Get user info for the user conencted to
290 user id UID.</para></listitem>
294 <term>--user-domgroups SID</term>
295 <listitem><para>Get user domain groups.
300 <term>--user-sids SID</term>
301 <listitem><para>Get user group SIDs for user.
306 <term>-U|--uid-to-sid uid</term>
307 <listitem><para>Try to convert a UNIX user id to a Windows NT
308 SID. If the uid specified does not refer to one within
309 the idmap uid range then the operation will fail. </para></listitem>
313 <term>--verbose</term>
315 Print additional information about the query
321 <term>-Y|--sid-to-gid sid</term>
322 <listitem><para>Convert a SID to a UNIX group id. If the SID
323 does not correspond to a UNIX group mapped by <citerefentry>
324 <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then
325 the operation will fail. </para></listitem>
337 <title>EXIT STATUS</title>
339 <para>The wbinfo program returns 0 if the operation
340 succeeded, or 1 if the operation failed. If the <citerefentry>
341 <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
342 </citerefentry> daemon is not working <command>wbinfo</command> will always return
348 <title>VERSION</title>
350 <para>This man page is correct for version 3.0 of
351 the Samba suite.</para>
355 <title>SEE ALSO</title>
356 <para><citerefentry><refentrytitle>winbindd</refentrytitle>
357 <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>ntlm_auth</refentrytitle>
358 <manvolnum>1</manvolnum></citerefentry></para>
362 <title>AUTHOR</title>
364 <para>The original Samba software and related utilities
365 were created by Andrew Tridgell. Samba is now developed
366 by the Samba Team as an Open Source project similar
367 to the way the Linux kernel is developed.</para>
369 <para><command>wbinfo</command> and <command>winbindd</command>
370 were written by Tim Potter.</para>
372 <para>The conversion to DocBook for Samba 2.2 was done
373 by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
374 3.0 was done by Alexander Bokovoy.</para>