--- /dev/null
+
+
+
+
+
+<html><head><title>wbinfo (1)</title>
+
+<link rev="made" href="mailto:samba-bugs@samba.org">
+</head>
+<body>
+
+<hr>
+
+<h1>wbinfo (1)</h1>
+<h2>Samba</h2>
+<h2>13 Jun 2000</h2>
+
+
+
+<p><a name="NAME"></a>
+<h2>NAME</h2>
+ wbinfo - Query information from winbind daemon
+<p><a name="SYNOPSIS"></a>
+<h2>SYNOPSIS</h2>
+
+<p><strong>wbinfo</strong> <a href="wbinfo.1.html#minusu">-u</a> [<a href="wbinfo.1.html#minusg">-g</a>] [<a href="wbinfo.1.html#minusn">-n name</a>]
+[<a href="wbinfo.1.html#minuss">-s sid</a>] [<a href="wbinfo.1.html#minusU">-U uid</a>] [<a href="wbinfo.1.html#minusG">-G gid</a>]
+[<a href="wbinfo.1.html#minusS">-S sid</a>] [<a href="wbinfo.1.html#minusY">-Y sid</a>]
+<p><a name="DESCRIPTION"></a>
+<h2>DESCRIPTION</h2>
+
+<p>This program is part of the <strong>Samba</strong> suite version 3.0 and describes
+functionality not yet implemented in the main version of Samba.
+<p>The <strong>wbinfo</strong> program queries and returns information created and used by
+the <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> daemon.
+<p>The <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> daemon must be configured and
+running for the <strong>wbinfo</strong> program to be able to return information.
+<p><a name="OPTIONS"></a>
+<h2>OPTIONS</h2>
+
+<p>The following options are available to the <strong>wbinfo</strong> program:
+<p><dl>
+<p><a name="minusu"></a>
+<p></p><dt><strong><strong>-u</strong></strong><dd>
+<p>This option will list all users available in the Windows NT domain for
+which the <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> daemon is operating in.
+Users in all trusted domains will also be listed. Note that this operation
+does not assign user ids to any users that have not already been seen by
+<a href="winbindd.8.html"><strong>winbindd(8)</strong></a>.
+<p><a name="minusg"></a>
+<p></p><dt><strong><strong>-g</strong></strong><dd>
+<p>This option will list all groups available in the Windows NT domain for
+which the <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> daemon is operating in.
+Groups in all trusted domains will also be listed. Note that this
+operation does not assign group ids to any groups that have not already
+been seen by <a href="winbindd.8.html"><strong>winbindd(8)</strong></a>.
+<p><a name="minusn"></a>
+<p></p><dt><strong><strong>-n name</strong></strong><dd>
+<p>The <strong>-n</strong> option queries <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> for the SID
+associated with the name specified. Domain names can be specified before
+the user name by using the winbind separator character. For example
+<code>DOM1/Administrator</code> refers to the <code>Administrator</code> user in the domain
+<code>DOM1</code>. If no domain is specified then the domain used is the one
+specified in the <strong>smb.conf</strong> <strong>workgroup</strong> parameter.
+<p><a name="minuss"></a>
+<p></p><dt><strong><strong>-s sid</strong></strong><dd>
+<p>Use <strong>-s</strong> to resolve a SID to a name. This is the inverse of the <strong>-n</strong>
+option above. SIDs must be specified as ASCII strings in the traditional
+Microsoft format. For example
+<code>S-1-5-21-1455342024-3071081365-2475485837-500</code>.
+<p><a name="minusU"></a>
+<p></p><dt><strong><strong>-U uid</strong></strong><dd>
+<p>Try to convert a UNIX user id to a Windows NT SID. If the uid specified
+does not refer to one within the <strong>winbind uid range</strong> then the operation
+will fail.
+<p><a name="minusG"></a>
+<p></p><dt><strong><strong>-G gid</strong></strong><dd>
+<p>Try to convert a UNIX group id to a Windows NT SID. If the gid specified
+does not refer to one within the <strong>winbind gid range</strong> then the operation
+will fail.
+<p><a name="minusS"></a>
+<p></p><dt><strong><strong>-S sid</strong></strong><dd>
+<p>Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX
+user mapped by <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> then the operation
+will fail.
+<p><a name="minusY"></a>
+<p></p><dt><strong><strong>-Y sid</strong></strong><dd>
+<p>Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
+group mapped by <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> then the operation
+will fail.
+<p></dl>
+<p><a name="EXITSTATUS"></a>
+<h2>EXIT STATUS</h2>
+
+<p>The <strong>wbinfo</strong> program returns 0 if the operation succeeded, or 1 if
+the operation failed. If the <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> daemon
+is not working <strong>wbinfo</strong> will always return failure.
+<p><a name="SEEALSO"></a>
+<h2>SEE ALSO</h2>
+
+<p><a href="winbindd.8.html"><strong>winbindd(8)</strong></a>
+<p><a name="AUTHOR"></a>
+<h2>AUTHOR</h2>
+
+<p>The original Samba software and related utilities were created by
+Andrew Tridgell. Samba is now developed by the Samba Team as an Open
+Source project.
+<p><strong>wbinfo</strong> was written by Tim Potter.
+</body>
+</html>
-<html><head><title>winbindd (1)</title>
+<html><head><title>winbindd (8)</title>
<link rev="made" href="mailto:samba-bugs@samba.org">
</head>
<hr>
-<h1>winbindd (1)</h1>
+<h1>winbindd (8)</h1>
<h2>Samba</h2>
-<h2>8 May 2000</h2>
+<h2>13 Jun 2000</h2>
separator) or a + character. The + character appears to be the best
choice for 100% compatibility with existing unix utilities, but may be
an aesthetically bad choice depending on your taste.
+<p><strong>Default:</strong>
+<code> winbind separator = \</code>
<p><strong>Example:</strong>
<code> winbind separator = +</code>
<p><p></p><dt><strong>winbind uid</strong><dd>
<p>The winbind uid parameter specifies the range of user ids that are
-allocated by the <a href="winbindd.8.html"><strong>winbindd</strong></a> daemon. This range of
+allocated by the <strong>winbindd</strong> daemon. This range of
ids should have no existing local or nis users within it as strange
conflicts can occur otherwise.
<p><strong>Default:</strong>
<code> winbind uid = 10000-20000</code>
<p><p></p><dt><strong>winbind gid</strong><dd>
<p>The winbind gid parameter specifies the range of group ids that are
-allocated by the <a href="winbindd.8.html"><strong>winbindd</strong></a> daemon. This range of
-group ids should have no existing local or nis groups within it as strange
-conflicts can occur otherwise.
+allocated by the <strong>winbindd</strong> daemon. This range of group ids should have
+no existing local or nis groups within it as strange conflicts can occur
+otherwise.
<p><strong>Default:</strong>
<code> winbind gid = <empty string></code>
<p><strong>Example:</strong>
<code> winbind gid = 10000-20000</code>
<p><p></p><dt><strong>winbind cache time</strong><dd>
-<p>This parameter specifies the number of seconds the
-<a href="winbindd.8.html"><strong>winbindd</strong></a> daemon will cache user and group
-information before querying a Windows NT server again. When a item in
-the cache is older than this time winbindd will ask the domain
-controller for the sequence number of the servers account database. If
-the sequence number has not changed then the cached item is marked as
-valid for a further "winbind cache time" seconds. Otherwise the item
-is fetched from the server. This means that as long as the account
+<p>This parameter specifies the number of seconds the <strong>winbindd</strong> daemon will
+cache user and group information before querying a Windows NT server
+again. When a item in the cache is older than this time winbindd will ask
+the domain controller for the sequence number of the servers account
+database. If the sequence number has not changed then the cached item is
+marked as valid for a further "winbind cache time" seconds. Otherwise the
+item is fetched from the server. This means that as long as the account
database is not actively changing winbindd will only have to send one
sequence number query packet every "winbind cache time" seconds.
<p><strong>Default:</strong>
<code> winbind cache time = 15</code>
<p><p></p><dt><strong>template homedir</strong><dd>
<p>When filling out the user information for a Windows NT user, the
-<a href="winbindd.8.html"><strong>winbindd</strong></a> daemon uses this parameter to fill in
-the home directory for that user. If the string <code>%D</code> is present it is
-substituted with the user's Windows NT domain name. If the string <code>%U</code>
-is present it is substituted with the user's Windows NT user name.
+<strong>winbindd</strong> daemon uses this parameter to fill in the home directory for
+that user. If the string <code>%D</code> is present it is substituted with the
+user's Windows NT domain name. If the string <code>%U</code> is present it is
+substituted with the user's Windows NT user name.
<p><strong>Default:</strong>
<code> template homedir = /home/%D/%U</code>
<p><p></p><dt><strong>template shell</strong><dd>
<p>When filling out the user information for a Windows NT user, the
-<a href="winbindd.8.html"><strong>winbindd</strong></a> daemon uses this parameter to fill in
-the shell for that user.
+<strong>winbindd</strong> daemon uses this parameter to fill in the shell for that user.
<p><strong>Default:</strong>
<code> template shell = /bin/false</code>
<p></dl>
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
winbindd.
-<p>NOTE: <a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
-<a href="winbindd.8.html"><strong>winbindd</strong></a> to work.
+<p><a name="NOTES"></a>
+<h2>NOTES</h2>
+
+<p>The following notes are useful when configuring and running <strong>winbindd</strong>:
+<p><dl>
+<p><p></p><dt><strong></strong><dd>
+<a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
+<strong>winbindd</strong> to work.
+<p><p></p><dt><strong></strong><dd>
+Client processes resolving names through the <strong>winbindd</strong> nsswitch module
+read an environment variable named <code>WINBINDD_DOMAIN</code>. If this variable
+contains a comma separated list of Windows NT domain names, then winbindd
+will only resolve users and groups within those Windows NT domains.
+<p><p></p><dt><strong></strong><dd>
+PAM is really easy to misconfigure. Make sure you know what you are doing
+when modifying PAM configuration files. It is possible to set up PAM
+such that you can no longer log into your system.
+<p><p></p><dt><strong></strong><dd>
+If more than one UNIX machine is running <strong>winbindd</strong>, then in general the
+user and groups ids allocated by <strong>winbindd</strong> will not be the same. The
+user and group ids will only be valid for the local machine.
+<p><p></p><dt><strong></strong><dd>
+If the the Windows NT RID to UNIX user and group id mapping file
+is damaged or destroyed then the mappings will be lost.
+<p></dl>
<p><a name="SIGNALS"></a>
<h2>SIGNALS</h2>
-<p>The following signals can be used to manipulate the
-<a href="winbindd.8.html"><strong>winbindd</strong></a> daemon.
+<p>The following signals can be used to manipulate the <strong>winbindd</strong> daemon.
<p><dl>
<p><p></p><dt><strong><code>SIGHUP</code></strong><dd>
<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running
-version of <a href="winbindd.8.html"><strong>winbindd</strong></a>. This signal also clears any
-cached user and group information.
+version of <strong>winbindd</strong>. This signal also clears any cached user and group
+information.
<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd>
-<p>The <code>SIGUSR1</code> signal will cause <a href="winbindd.8.html"><strong>winbindd</strong></a> to
-write status information to the winbind log file including information
-about the number of user and group ids allocated by
-<a href="winbindd.8.html"><strong>winbindd</strong></a>.
+<p>The <code>SIGUSR1</code> signal will cause <strong>winbindd</strong> to write status information
+to the winbind log file including information about the number of user and
+group ids allocated by <strong>winbindd</strong>.
<p>Log files are stored in the filename specified by the <strong>log file</strong> parameter.
<p></dl>
<p><a name="FILES"></a>
<p><p></p><dt><strong>/lib/libnss_winbind.so.X</strong><dd>
<p>Implementation of name service switch library.
<p><p></p><dt><strong>$LOCKDIR/winbindd_idmap.tdb</strong><dd>
-<p>Storage for the Windows NT rid to UNIX user/group id mapping. If this file
-is damaged or destroyed then the mappings will be lost.
-<p>The lock directory is specified when Samba is initially compiled using the
+<p>Storage for the Windows NT rid to UNIX user/group id mapping. The lock
+directory is specified when Samba is initially compiled using the
<code>--with-lockdir</code> option. This directory is by default
<code>/usr/local/samba/var/locks</code>.
<p><p></p><dt><strong>$LOCKDIR/winbindd_cache.tdb</strong><dd>
<p>The original Samba software and related utilities were created by
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project.
-<p>Winbindd was written by Tim Potter.
+<p><strong>winbindd</strong> was written by Tim Potter.
</body>
</html>
--- /dev/null
+.TH "wbinfo " "1" "13 Jun 2000" "Samba" "SAMBA"
+.PP
+.SH "NAME"
+wbinfo \- Query information from winbind daemon
+.PP
+.SH "SYNOPSIS"
+.PP
+\fBwbinfo\fP -u [-g] [-n name]
+[-s sid] [-U uid] [-G gid]
+[-S sid] [-Y sid]
+.PP
+.SH "DESCRIPTION"
+.PP
+This program is part of the \fBSamba\fP suite version 3\&.0 and describes
+functionality not yet implemented in the main version of Samba\&.
+.PP
+The \fBwbinfo\fP program queries and returns information created and used by
+the \fBwinbindd(8)\fP daemon\&.
+.PP
+The \fBwinbindd(8)\fP daemon must be configured and
+running for the \fBwbinfo\fP program to be able to return information\&.
+.PP
+.SH "OPTIONS"
+.PP
+The following options are available to the \fBwbinfo\fP program:
+.PP
+.IP
+.IP "\fB-u\fP"
+.IP
+This option will list all users available in the Windows NT domain for
+which the \fBwinbindd(8)\fP daemon is operating in\&.
+Users in all trusted domains will also be listed\&. Note that this operation
+does not assign user ids to any users that have not already been seen by
+\fBwinbindd(8)\fP\&.
+.IP
+.IP "\fB-g\fP"
+.IP
+This option will list all groups available in the Windows NT domain for
+which the \fBwinbindd(8)\fP daemon is operating in\&.
+Groups in all trusted domains will also be listed\&. Note that this
+operation does not assign group ids to any groups that have not already
+been seen by \fBwinbindd(8)\fP\&.
+.IP
+.IP "\fB-n name\fP"
+.IP
+The \fB-n\fP option queries \fBwinbindd(8)\fP for the SID
+associated with the name specified\&. Domain names can be specified before
+the user name by using the winbind separator character\&. For example
+\f(CWDOM1/Administrator\fP refers to the \f(CWAdministrator\fP user in the domain
+\f(CWDOM1\fP\&. If no domain is specified then the domain used is the one
+specified in the \fBsmb\&.conf\fP \fBworkgroup\fP parameter\&.
+.IP
+.IP "\fB-s sid\fP"
+.IP
+Use \fB-s\fP to resolve a SID to a name\&. This is the inverse of the \fB-n\fP
+option above\&. SIDs must be specified as ASCII strings in the traditional
+Microsoft format\&. For example
+\f(CWS-1-5-21-1455342024-3071081365-2475485837-500\fP\&.
+.IP
+.IP "\fB-U uid\fP"
+.IP
+Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified
+does not refer to one within the \fBwinbind uid range\fP then the operation
+will fail\&.
+.IP
+.IP "\fB-G gid\fP"
+.IP
+Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified
+does not refer to one within the \fBwinbind gid range\fP then the operation
+will fail\&.
+.IP
+.IP "\fB-S sid\fP"
+.IP
+Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX
+user mapped by \fBwinbindd(8)\fP then the operation
+will fail\&.
+.IP
+.IP "\fB-Y sid\fP"
+.IP
+Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX
+group mapped by \fBwinbindd(8)\fP then the operation
+will fail\&.
+.IP
+.PP
+.SH "EXIT STATUS"
+.PP
+The \fBwbinfo\fP program returns 0 if the operation succeeded, or 1 if
+the operation failed\&. If the \fBwinbindd(8)\fP daemon
+is not working \fBwbinfo\fP will always return failure\&.
+.PP
+.SH "SEE ALSO"
+.PP
+\fBwinbindd(8)\fP
+.PP
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by
+Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
+Source project\&.
+.PP
+\fBwbinfo\fP was written by Tim Potter\&.
-.TH "winbindd " "1" "8 May 2000" "Samba" "SAMBA"
+.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA"
.PP
.SH "NAME"
winbindd \- Name Service Switch daemon for resolving names from NT servers
choice for 100% compatibility with existing unix utilities, but may be
an aesthetically bad choice depending on your taste\&.
.IP
+\fBDefault:\fP
+\f(CW winbind separator = \e\fP
+.IP
\fBExample:\fP
\f(CW winbind separator = +\fP
.IP
.IP "winbind gid"
.IP
The winbind gid parameter specifies the range of group ids that are
-allocated by the \fBwinbindd\fP daemon\&. This range of
-group ids should have no existing local or nis groups within it as strange
-conflicts can occur otherwise\&.
+allocated by the \fBwinbindd\fP daemon\&. This range of group ids should have
+no existing local or nis groups within it as strange conflicts can occur
+otherwise\&.
.IP
\fBDefault:\fP
\f(CW winbind gid = <empty string>\fP
.IP
.IP "winbind cache time"
.IP
-This parameter specifies the number of seconds the
-\fBwinbindd\fP daemon will cache user and group
-information before querying a Windows NT server again\&. When a item in
-the cache is older than this time winbindd will ask the domain
-controller for the sequence number of the servers account database\&. If
-the sequence number has not changed then the cached item is marked as
-valid for a further "winbind cache time" seconds\&. Otherwise the item
-is fetched from the server\&. This means that as long as the account
+This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
+cache user and group information before querying a Windows NT server
+again\&. When a item in the cache is older than this time winbindd will ask
+the domain controller for the sequence number of the servers account
+database\&. If the sequence number has not changed then the cached item is
+marked as valid for a further "winbind cache time" seconds\&. Otherwise the
+item is fetched from the server\&. This means that as long as the account
database is not actively changing winbindd will only have to send one
sequence number query packet every "winbind cache time" seconds\&.
.IP
.IP "template homedir"
.IP
When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in
-the home directory for that user\&. If the string \f(CW%D\fP is present it is
-substituted with the user\'s Windows NT domain name\&. If the string \f(CW%U\fP
-is present it is substituted with the user\'s Windows NT user name\&.
+\fBwinbindd\fP daemon uses this parameter to fill in the home directory for
+that user\&. If the string \f(CW%D\fP is present it is substituted with the
+user\'s Windows NT domain name\&. If the string \f(CW%U\fP is present it is
+substituted with the user\'s Windows NT user name\&.
.IP
\fBDefault:\fP
\f(CW template homedir = /home/%D/%U\fP
.IP "template shell"
.IP
When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in
-the shell for that user\&.
+\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&.
.IP
\fBDefault:\fP
\f(CW template shell = /bin/false\fP
passwd" and "getent group" to confirm the correct operation of
winbindd\&.
.PP
-NOTE: \fBnmbd\fP must be running on the local machine for
+.SH "NOTES"
+.PP
+The following notes are useful when configuring and running \fBwinbindd\fP:
+.PP
+.IP
+.IP ""
+\fBnmbd\fP must be running on the local machine for
\fBwinbindd\fP to work\&.
+.IP
+.IP ""
+Client processes resolving names through the \fBwinbindd\fP nsswitch module
+read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable
+contains a comma separated list of Windows NT domain names, then winbindd
+will only resolve users and groups within those Windows NT domains\&.
+.IP
+.IP ""
+PAM is really easy to misconfigure\&. Make sure you know what you are doing
+when modifying PAM configuration files\&. It is possible to set up PAM
+such that you can no longer log into your system\&.
+.IP
+.IP ""
+If more than one UNIX machine is running \fBwinbindd\fP, then in general the
+user and groups ids allocated by \fBwinbindd\fP will not be the same\&. The
+user and group ids will only be valid for the local machine\&.
+.IP
+.IP ""
+If the the Windows NT RID to UNIX user and group id mapping file
+is damaged or destroyed then the mappings will be lost\&.
+.IP
.PP
.SH "SIGNALS"
.PP
-The following signals can be used to manipulate the
-\fBwinbindd\fP daemon\&.
+The following signals can be used to manipulate the \fBwinbindd\fP daemon\&.
.PP
.IP
.IP "\f(CWSIGHUP\fP"
.IP
Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
-version of \fBwinbindd\fP\&. This signal also clears any
-cached user and group information\&.
+version of \fBwinbindd\fP\&. This signal also clears any cached user and group
+information\&.
.IP
.IP "\f(CWSIGUSR1\fP"
.IP
-The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to
-write status information to the winbind log file including information
-about the number of user and group ids allocated by
-\fBwinbindd\fP\&.
+The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information
+to the winbind log file including information about the number of user and
+group ids allocated by \fBwinbindd\fP\&.
.IP
Log files are stored in the filename specified by the \fBlog file\fP parameter\&.
.IP
.IP
.IP "$LOCKDIR/winbindd_idmap\&.tdb"
.IP
-Storage for the Windows NT rid to UNIX user/group id mapping\&. If this file
-is damaged or destroyed then the mappings will be lost\&.
-.IP
-The lock directory is specified when Samba is initially compiled using the
+Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock
+directory is specified when Samba is initially compiled using the
\f(CW--with-lockdir\fP option\&. This directory is by default
\f(CW/usr/local/samba/var/locks\fP\&.
.IP
Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
Source project\&.
.PP
-Winbindd was written by Tim Potter\&.
+\fBwinbindd\fP was written by Tim Potter\&.
--- /dev/null
+mailto(samba-bugs@samba.org)
+manpage(wbinfo htmlcommand((1)))(1)(13 Jun 2000)(Samba)(SAMBA)
+
+label(NAME)
+manpagename(wbinfo)(Query information from winbind daemon)
+
+label(SYNOPSIS)
+manpagesynopsis()
+
+bf(wbinfo) link(-u)(minusu) [link(-g)(minusg)] [link(-n name)(minusn)]
+[link(-s sid)(minuss)] [link(-U uid)(minusU)] [link(-G gid)(minusG)]
+[link(-S sid)(minusS)] [link(-Y sid)(minusY)]
+
+label(DESCRIPTION)
+manpagedescription()
+
+This program is part of the bf(Samba) suite version 3.0 and describes
+functionality not yet implemented in the main version of Samba.
+
+The bf(wbinfo) program queries and returns information created and used by
+the url(bf(winbindd(8)))(winbindd.8.html) daemon.
+
+The url(bf(winbindd(8)))(winbindd.8.html) daemon must be configured and
+running for the bf(wbinfo) program to be able to return information.
+
+label(OPTIONS)
+manpageoptions()
+
+The following options are available to the bf(wbinfo) program:
+
+startdit()
+
+label(minusu)
+dit(bf(-u))
+
+This option will list all users available in the Windows NT domain for
+which the url(bf(winbindd(8)))(winbindd.8.html) daemon is operating in.
+Users in all trusted domains will also be listed. Note that this operation
+does not assign user ids to any users that have not already been seen by
+url(bf(winbindd(8)))(winbindd.8.html).
+
+label(minusg)
+dit(bf(-g))
+
+This option will list all groups available in the Windows NT domain for
+which the url(bf(winbindd(8)))(winbindd.8.html) daemon is operating in.
+Groups in all trusted domains will also be listed. Note that this
+operation does not assign group ids to any groups that have not already
+been seen by url(bf(winbindd(8)))(winbindd.8.html).
+
+label(minusn)
+dit(bf(-n name))
+
+The bf(-n) option queries url(bf(winbindd(8)))(winbindd.8.html) for the SID
+associated with the name specified. Domain names can be specified before
+the user name by using the winbind separator character. For example
+tt(DOM1/Administrator) refers to the tt(Administrator) user in the domain
+tt(DOM1). If no domain is specified then the domain used is the one
+specified in the bf(smb.conf) bf(workgroup) parameter.
+
+label(minuss)
+dit(bf(-s sid))
+
+Use bf(-s) to resolve a SID to a name. This is the inverse of the bf(-n)
+option above. SIDs must be specified as ASCII strings in the traditional
+Microsoft format. For example
+tt(S-1-5-21-1455342024-3071081365-2475485837-500).
+
+label(minusU)
+dit(bf(-U uid))
+
+Try to convert a UNIX user id to a Windows NT SID. If the uid specified
+does not refer to one within the bf(winbind uid range) then the operation
+will fail.
+
+label(minusG)
+dit(bf(-G gid))
+
+Try to convert a UNIX group id to a Windows NT SID. If the gid specified
+does not refer to one within the bf(winbind gid range) then the operation
+will fail.
+
+label(minusS)
+dit(bf(-S sid))
+
+Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX
+user mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
+will fail.
+
+label(minusY)
+dit(bf(-Y sid))
+
+Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
+group mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
+will fail.
+
+enddit()
+
+label(EXIT STATUS)
+manpagesection(EXIT STATUS)
+
+The bf(wbinfo) program returns 0 if the operation succeeded, or 1 if
+the operation failed. If the url(bf(winbindd(8)))(winbindd.8.html) daemon
+is not working bf(wbinfo) will always return failure.
+
+label(SEEALSO)
+manpageseealso()
+
+url(bf(winbindd(8)))(winbindd.8.html)
+
+label(AUTHOR)
+manpageauthor()
+
+The original Samba software and related utilities were created by
+Andrew Tridgell. Samba is now developed by the Samba Team as an Open
+Source project.
+
+bf(wbinfo) was written by Tim Potter.
mailto(samba-bugs@samba.org)
-manpage(winbindd htmlcommand((1)))(1)(8 May 2000)(Samba)(SAMBA)
+manpage(winbindd htmlcommand((8)))(8)(13 Jun 2000)(Samba)(SAMBA)
label(NAME)
manpagename(winbindd)(Name Service Switch daemon for resolving names from NT servers)
choice for 100% compatibility with existing unix utilities, but may be
an aesthetically bad choice depending on your taste.
+ bf(Default:)
+tt( winbind separator = \)
+
bf(Example:)
tt( winbind separator = +)
dit(winbind uid)
The winbind uid parameter specifies the range of user ids that are
-allocated by the url(bf(winbindd))(winbindd.8.html) daemon. This range of
+allocated by the bf(winbindd) daemon. This range of
ids should have no existing local or nis users within it as strange
conflicts can occur otherwise.
dit(winbind gid)
The winbind gid parameter specifies the range of group ids that are
-allocated by the url(bf(winbindd))(winbindd.8.html) daemon. This range of
-group ids should have no existing local or nis groups within it as strange
-conflicts can occur otherwise.
+allocated by the bf(winbindd) daemon. This range of group ids should have
+no existing local or nis groups within it as strange conflicts can occur
+otherwise.
bf(Default:)
tt( winbind gid = <empty string>)
dit(winbind cache time)
-This parameter specifies the number of seconds the
-url(bf(winbindd))(winbindd.8.html) daemon will cache user and group
-information before querying a Windows NT server again. When a item in
-the cache is older than this time winbindd will ask the domain
-controller for the sequence number of the servers account database. If
-the sequence number has not changed then the cached item is marked as
-valid for a further "winbind cache time" seconds. Otherwise the item
-is fetched from the server. This means that as long as the account
+This parameter specifies the number of seconds the bf(winbindd) daemon will
+cache user and group information before querying a Windows NT server
+again. When a item in the cache is older than this time winbindd will ask
+the domain controller for the sequence number of the servers account
+database. If the sequence number has not changed then the cached item is
+marked as valid for a further "winbind cache time" seconds. Otherwise the
+item is fetched from the server. This means that as long as the account
database is not actively changing winbindd will only have to send one
sequence number query packet every "winbind cache time" seconds.
dit(template homedir)
When filling out the user information for a Windows NT user, the
-url(bf(winbindd))(winbindd.8.html) daemon uses this parameter to fill in
-the home directory for that user. If the string tt(%D) is present it is
-substituted with the user's Windows NT domain name. If the string tt(%U)
-is present it is substituted with the user's Windows NT user name.
+bf(winbindd) daemon uses this parameter to fill in the home directory for
+that user. If the string tt(%D) is present it is substituted with the
+user's Windows NT domain name. If the string tt(%U) is present it is
+substituted with the user's Windows NT user name.
bf(Default:)
tt( template homedir = /home/%D/%U)
dit(template shell)
When filling out the user information for a Windows NT user, the
-url(bf(winbindd))(winbindd.8.html) daemon uses this parameter to fill in
-the shell for that user.
+bf(winbindd) daemon uses this parameter to fill in the shell for that user.
bf(Default:)
tt( template shell = /bin/false)
passwd" and "getent group" to confirm the correct operation of
winbindd.
-NOTE: url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
-url(bf(winbindd))(winbindd.8.html) to work.
+label(NOTES)
+manpagesection(NOTES)
+
+The following notes are useful when configuring and running bf(winbindd):
+
+startdit()
+
+dit()
+url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
+bf(winbindd) to work.
+
+dit()
+Client processes resolving names through the bf(winbindd) nsswitch module
+read an environment variable named tt(WINBINDD_DOMAIN). If this variable
+contains a comma separated list of Windows NT domain names, then winbindd
+will only resolve users and groups within those Windows NT domains.
+
+dit()
+PAM is really easy to misconfigure. Make sure you know what you are doing
+when modifying PAM configuration files. It is possible to set up PAM
+such that you can no longer log into your system.
+
+dit()
+If more than one UNIX machine is running bf(winbindd), then in general the
+user and groups ids allocated by bf(winbindd) will not be the same. The
+user and group ids will only be valid for the local machine.
+
+dit()
+If the the Windows NT RID to UNIX user and group id mapping file
+is damaged or destroyed then the mappings will be lost.
+
+enddit()
label(SIGNALS)
manpagesection(SIGNALS)
-The following signals can be used to manipulate the
-url(bf(winbindd))(winbindd.8.html) daemon.
+The following signals can be used to manipulate the bf(winbindd) daemon.
startdit()
dit(tt(SIGHUP))
Reload the tt(smb.conf) file and apply any parameter changes to the running
-version of url(bf(winbindd))(winbindd.8.html). This signal also clears any
-cached user and group information.
+version of bf(winbindd). This signal also clears any cached user and group
+information.
dit(tt(SIGUSR1))
-The tt(SIGUSR1) signal will cause url(bf(winbindd))(winbindd.8.html) to
-write status information to the winbind log file including information
-about the number of user and group ids allocated by
-url(bf(winbindd))(winbindd.8.html).
+The tt(SIGUSR1) signal will cause bf(winbindd) to write status information
+to the winbind log file including information about the number of user and
+group ids allocated by bf(winbindd).
Log files are stored in the filename specified by the bf(log file) parameter.
dit($LOCKDIR/winbindd_idmap.tdb)
-Storage for the Windows NT rid to UNIX user/group id mapping. If this file
-is damaged or destroyed then the mappings will be lost.
-
-The lock directory is specified when Samba is initially compiled using the
+Storage for the Windows NT rid to UNIX user/group id mapping. The lock
+directory is specified when Samba is initially compiled using the
tt(--with-lockdir) option. This directory is by default
tt(/usr/local/samba/var/locks).
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project.
-Winbindd was written by Tim Potter.
+bf(winbindd) was written by Tim Potter.
git.samba.org / sfrench / samba-autobuild / .git / commitdiff