WBINFO(1) User Commands WBINFO(1)
wbinfo - Query information from winbind daemon
wbinfo [-a user%password] [--all-domains] [--allocate-gid] [--allocate-uid] [-c]
[--ccache-save] [--change-user-password] [-D domain] [--dc-info domain] [--domain domain]
[--dsgetdcname domain] [-g] [--getdcname domain] [--get-auth-user] [-G gid]
[--gid-info gid] [--group-info group] [--help|-?] [-i user] [-I ip] [-K user%password]
[--krb5ccname cctype] [--lanman] [--logoff] [--logoff-uid uid] [--logoff-user username]
[--lookup-sids] [-m] [-n name] [-N netbios-name] [--ntlmv2] [--online-status]
[--own-domain] [-p] [-P|--ping-dc] [--pam-logon user%password] [-r user]
[-R|--lookup-rids] [--remove-gid-mapping gid,sid] [--remove-uid-mapping uid,sid] [-s sid]
[--separator] [--sequence] [--set-auth-user user%password] [--set-gid-mapping gid,sid]
[--set-uid-mapping uid,sid] [-S sid] [--sid-aliases sid] [--sid-to-fullname sid]
[--sids-to-unix-ids sidlist] [-t] [-u] [--uid-info uid] [--usage] [--user-domgroups sid]
[--user-sidinfo sid] [--user-sids sid] [-U uid] [-V] [--verbose] [-Y sid]
This tool is part of the samba(7) suite.
The wbinfo program queries and returns information created and used by the winbindd(8)
The winbindd(8) daemon must be configured and running for the wbinfo program to be able to
Attempt to authenticate a user via winbindd(8). This checks both authentication
methods and reports its results.
Do not be tempted to use this functionality for authentication in third-party
applications. Instead use ntlm_auth(1).
Get a new GID out of idmap
Get a new UID out of idmap
List all domains (trusted and own domain).
Change the trust account password. May be used in conjunction with domain in order to
change interdomain trust account passwords.
Store user and password for ccache.
Change the password of a user. The old and new password will be prompted.
Displays information about the current domain controller for a domain.
This parameter sets the domain on which any specified operations will performed. If
special domain name '.' is used to represent the current domain to which winbindd(8)
belongs. Currently only the -u, and -g options honor this parameter.
Show most of the info we have about the specified domain.
Find a DC for a domain.
Get group info from gid.
Get group info from group name.
This option will list all groups available in the Windows NT domain for which the
samba(7) daemon is operating in. Groups in all trusted domains will also be listed.
Note that this operation does not assign group ids to any groups that have not already
been seen by winbindd(8).
Print username and password used by winbindd(8) during session setup to a domain
controller. Username and password can be set using --set-auth-user. Only available for
Get the DC name for the specified domain.
Try to convert a UNIX group id to a Windows NT SID. If the gid specified does not
refer to one within the idmap gid range then the operation will fail.
Print brief help overview.
Get user info.
The -I option queries winbindd(8) to send a node status request to get the NetBIOS
name associated with the IP address specified by the ip parameter.
Attempt to authenticate a user via Kerberos.
Allows to request a sepcific kerberos credential cache type used for authentication.
Use lanman cryptography for user authentication.
Logoff a user.
Define user uid used during logoff request.
Define username used during logoff request.
Looks up SIDs. SIDs must be specified as ASCII strings in the traditional Microsoft
format. For example, S-1-5-21-1455342024-3071081365-2475485837-500.
Produce a list of domains trusted by the Windows NT server winbindd(8) contacts when
resolving names. This list does not include the Windows NT domain the server is a
Primary Domain Controller for.
The -n option queries winbindd(8) for the SID associated with the name specified.
Domain names can be specified before the user name by using the winbind separator
character. For example CWDOM1/Administrator refers to the Administrator user in the
domain CWDOM1. If no domain is specified then the domain used is the one specified in
the smb.conf(5)workgroup parameter.
The -N option queries winbindd(8) to query the WINS server for the IP address
associated with the NetBIOS name specified by the name parameter.
Use NTLMv2 cryptography for user authentication.
Show whether domains are marked as online or offline. An optional domain argument
limits the output to the online status of a given domain.
List own domain.
Attempt to authenticate a user in the same way pam_winbind would do.
Check whether winbindd(8) is still alive. Prints out either 'succeeded' or 'failed'.
Issue a no-effect command to our DC. This checks if our secure channel connection to
our domain controller is still alive. It has much less impact than wbinfo -t.
Try to obtain the list of UNIX group ids to which the user belongs. This only works
for users defined on a Domain Controller.
-R|--lookup-rids rid1, rid2, rid3...
Converts RIDs to names. Uses a comma separated list of rids.
Removes an existing GID to SID mapping from the database.
Removes an existing UID to SID mapping from the database.
Use -s to resolve a SID to a name. This is the inverse of the -n option above. SIDs
must be specified as ASCII strings in the traditional Microsoft format. For example,
Get the active winbind separator.
This command has been deprecated. Please use the --online-status option instead.
Store username and password used by winbindd(8) during session setup to a domain
controller. This enables winbindd to operate in a Windows 2000 domain with Restrict
Anonymous turned on (a.k.a. Permissions compatible with Windows 2000 servers only).
Create a GID to SID mapping in the database.
Create a UID to SID mapping in the database.
Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX user mapped
by winbindd(8) then the operation will fail.
Get SID aliases for a given SID.
Converts a SID to a full username (DOMAIN\username).
Resolve SIDs to Unix IDs. SIDs must be specified as ASCII strings in the traditional
Microsoft format. For example, S-1-5-21-1455342024-3071081365-2475485837-500.
Verify that the workstation trust account created when the Samba server is added to
the Windows NT domain is working. May be used in conjunction with domain in order to
verify interdomain trust accounts.
This option will list all users available in the Windows NT domain for which the
winbindd(8) daemon is operating in. Users in all trusted domains will also be listed.
Note that this operation does not assign user ids to any users that have not already
been seen by winbindd(8) .
Get user info for the user connected to user id UID.
Print brief help overview.
Get user domain groups.
Get user info by sid.
Get user group SIDs for user.
Try to convert a UNIX user id to a Windows NT SID. If the uid specified does not refer
to one within the idmap range then the operation will fail.
Print additional information about the query results.
Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX group
mapped by winbindd(8) then the operation will fail.
Prints the program version number.
Print a summary of command line options.
The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed. If
the winbindd(8) daemon is not working wbinfo will always return failure.
This man page is correct for version 3 of the Samba suite.
winbindd(8) and ntlm_auth(1)
The original Samba software and related utilities were created by Andrew Tridgell. Samba
is now developed by the Samba Team as an Open Source project similar to the way the Linux
kernel is developed.
wbinfo and winbindd were written by Tim Potter.
The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to
DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
Samba 4.0 06/17/2014 WBINFO(1)