wbinfo1SambaUser Commands&doc.version;wbinfoQuery information from winbind daemonwbinfo-a user%password--all-domains--allocate-gid--allocate-uid-c--ccache-save--change-user-password-D domain--dc-info domain--domain domain--dsgetdcname domain-g--getdcname domain--get-auth-user-G gid--gid-info gid--group-info group--help|-?-i user-I ip-K user%password--krb5ccname cctype--lanman--logoff--logoff-uid uid--logoff-user username--lookup-sids-m-n name-N netbios-name--ntlmv1--ntlmv2--online-status--own-domain-p-P|--ping-dc--pam-logon user%password-r user-R|--lookup-rids--remove-gid-mapping gid,sid--remove-uid-mapping uid,sid-s sid--separator--sequence--set-auth-user user%password--set-gid-mapping gid,sid--set-uid-mapping uid,sid-S sid--sid-aliases sid--sid-to-fullname sid--sids-to-unix-ids sidlist-t-u--uid-info uid--usage--user-domgroups sid--user-sidinfo sid--user-sids sid-U uid-V--verbose-Y sidDESCRIPTIONThis tool is part of the samba7 suite.The wbinfo program queries and returns information
created and used by the winbindd8 daemon. The winbindd8 daemon must be configured
and running for the wbinfo program to be able
to return information.OPTIONS-a|--authenticate username%passwordAttempt to authenticate a user via winbindd8.
This checks both authentication methods and reports its results.
Do not be tempted to use this
functionality for authentication in third-party
applications. Instead use ntlm_auth1.--allocate-gidGet a new GID out of idmap
--allocate-uidGet a new UID out of idmap
--all-domainsList all domains (trusted and
own domain).
-c|--change-secretChange the trust account password. May be used
in conjunction with in order to change
interdomain trust account passwords.
--change-secret-at domain-controllerChange the trust account password at a specific
domain controller. Fails if the specified domain controller
cannot be contacted.
--ccache-save username%passwordStore user and password for ccache.
--change-user-password usernameChange the password of a user. The old and new password will be prompted.
--dc-info domainDisplays information about the current domain controller for a domain.
--domain nameThis parameter sets the domain on which any specified
operations will performed. If special domain name '.' is used to represent
the current domain to which winbindd8 belongs. A '*' as the domain name
means to enumerate over all domains (NOTE: This can take a long time and use
a lot of memory).
-D|--domain-info domainShow most of the info we have about the
specified domain.
--dsgetdcname domainFind a DC for a domain.
--gid-info gidGet group info from gid.
--group-info groupGet group info from group name.
-g|--domain-groupsThis option will list all groups available
in the Windows NT domain for which the samba7 daemon is operating in. Groups in all trusted domains
can be listed with the --domain='*' option. Note that this operation does not assign
group ids to any groups that have not already been
seen by winbindd8. --get-auth-userPrint username and password used by winbindd8
during session setup to a domain controller. Username
and password can be set using .
Only available for root.--getdcname domainGet the DC name for the specified domain.
-G|--gid-to-sid gidTry to convert a UNIX group id to a Windows
NT SID. If the gid specified does not refer to one within
the idmap gid range then the operation will fail. -?Print brief help overview.
-i|--user-info userGet user info.
-I|--WINS-by-ip ipThe -I option
queries winbindd8 to send a node status
request to get the NetBIOS name associated with the IP address
specified by the ip parameter.
-K|--krb5auth username%passwordAttempt to authenticate a user via Kerberos.
--krb5ccname KRB5CCNAMEAllows one to request a specific kerberos credential
cache type used for authentication.
--lanmanUse lanman cryptography for user authentication.
--logoffLogoff a user.
--logoff-uid UIDDefine user uid used during logoff request.
--logoff-user USERNAMEDefine username used during logoff request.
--lookup-sids SID1,SID2...Looks up SIDs. SIDs must be specified as ASCII strings in the traditional Microsoft
format. For example, S-1-5-21-1455342024-3071081365-2475485837-500.
-m|--trusted-domainsProduce a list of domains trusted by the
Windows NT server winbindd8 contacts
when resolving names. This list does not include the Windows
NT domain the server is a Primary Domain Controller for.
-n|--name-to-sid nameThe -n option
queries winbindd8 for the SID
associated with the name specified. Domain names can be specified
before the user name by using the winbind separator character.
For example CWDOM1/Administrator refers to the Administrator
user in the domain CWDOM1. If no domain is specified then the
domain used is the one specified in the smb.conf5workgroup
parameter. -N|--WINS-by-name nameThe -N option
queries winbindd8 to query the WINS
server for the IP address associated with the NetBIOS name
specified by the name parameter.
--ntlmv1Use NTLMv1 cryptography for user authentication.
--ntlmv2Use NTLMv2 cryptography for user
authentication. NTLMv2 is the default method, this
option is only maintained for compatibility.
--online-status domainDisplay whether winbind currently maintains an
active connection or not. An optional domain
argument limits the output to the online status
of a given domain.
--own-domainList own domain.
--pam-logon username%passwordAttempt to authenticate a user in the same way
pam_winbind would do.
-p|--pingCheck whether winbindd8 is still alive.
Prints out either 'succeeded' or 'failed'.
-P|--ping-dcIssue a no-effect command to our DC. This
checks if our secure channel connection to our domain
controller is still alive. It has much less impact than
wbinfo -t.
-r|--user-groups username
Try to obtain the list of UNIX group ids to which the
user belongs. This only works for users defined on a
Domain Controller.
There are two scenaries:
User authenticated: When the user has been
authenticated, the access token for the user is
cached. The correct group memberships are then
returned from the cached user token (which can
be outdated).
User *NOT* authenticated: The information is
queries from the domain controller using the
machine account credentials which have limited
permissions. The result is normally incomplete
and can be also incorrect.
-R|--lookup-rids rid1, rid2, rid3...Converts RIDs to names. Uses a comma separated
list of rids.
--remove-gid-mapping GID,SIDRemoves an existing GID to SID mapping from the database.
--remove-uid-mapping UID,SIDRemoves an existing UID to SID mapping from the database.
-s|--sid-to-name sidUse -s to resolve
a SID to a name. This is the inverse of the -n
option above. SIDs must be specified as ASCII strings
in the traditional Microsoft format. For example,
S-1-5-21-1455342024-3071081365-2475485837-500. --separatorGet the active winbind separator.
--sequenceThis command has been deprecated. Please use
the --online-status option instead.
--set-auth-user username%passwordStore username and password used by winbindd8 during session setup to a domain controller. This enables
winbindd to operate in a Windows 2000 domain with Restrict
Anonymous turned on (a.k.a. Permissions compatible with
Windows 2000 servers only).
--set-gid-mapping GID,SIDCreate a GID to SID mapping in the database.
--set-uid-mapping UID,SIDCreate a UID to SID mapping in the database.
-S|--sid-to-uid sidConvert a SID to a UNIX user id. If the SID
does not correspond to a UNIX user mapped by winbindd8 then the operation will fail. --sid-aliases sidGet SID aliases for a given SID.
--sid-to-fullname sidConverts a SID to a full username
(DOMAIN\username).
--sids-to-unix-ids sid1,sid2,sid3...Resolve SIDs to Unix IDs.
SIDs must be specified as ASCII strings
in the traditional Microsoft format. For example,
S-1-5-21-1455342024-3071081365-2475485837-500. -t|--check-secretVerify that the workstation trust account
created when the Samba server is added to the Windows NT
domain is working. May be used in conjunction with
in order to verify interdomain
trust accounts.-u|--domain-usersThis option will list all users available
in the Windows NT domain for which the winbindd8 daemon is operating in. Users in all trusted domains
can be listed with the --domain='*' option. Note that this operation does not assign
user ids to any users that have not already been seen by winbindd8
.--uid-info uidGet user info for the user connected to
user id UID.--usagePrint brief help overview.
--user-domgroups sidGet user domain groups.
--user-sidinfo sidGet user info by sid.
--user-sids sidGet user group SIDs for user.
-U|--uid-to-sid uidTry to convert a UNIX user id to a Windows NT
SID. If the uid specified does not refer to one within
the idmap range then the operation will fail. --verbose
Print additional information about the query results.
-Y|--sid-to-gid sidConvert a SID to a UNIX group id. If the SID
does not correspond to a UNIX group mapped by winbindd8 then
the operation will fail.
&cmdline.version;
&popt.autohelp;
EXIT STATUSThe wbinfo program returns 0 if the operation
succeeded, or 1 if the operation failed. If the winbindd8 daemon is not working wbinfo will always return
failure. VERSIONThis man page is part of version &doc.version; of
the Samba suite.SEE ALSOwinbindd8 and ntlm_auth1AUTHORThe original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.wbinfo and winbindd
were written by Tim Potter.The conversion to DocBook for Samba 2.2 was done
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
3.0 was done by Alexander Bokovoy.