<p><strong>wbinfo</strong> <a href="wbinfo.1.html#minusu">-u</a> [<a href="wbinfo.1.html#minusg">-g</a>] [<a href="wbinfo.1.html#minusn">-n name</a>]
[<a href="wbinfo.1.html#minuss">-s sid</a>] [<a href="wbinfo.1.html#minusU">-U uid</a>] [<a href="wbinfo.1.html#minusG">-G gid</a>]
-[<a href="wbinfo.1.html#minusS">-S sid</a>] [<a href="wbinfo.1.html#minusY">-Y sid</a>]
+[<a href="wbinfo.1.html#minusS">-S sid</a>] [<a href="wbinfo.1.html#minusY">-Y sid</a>] [<a href="wbinfo.1.html#minust">-t</a>]
+[<a href="wbinfo.1.html#minusm">-m</a>]
<p><a name="DESCRIPTION"></a>
<h2>DESCRIPTION</h2>
<p>Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX
group mapped by <a href="winbindd.8.html"><strong>winbindd(8)</strong></a> then the operation
will fail.
+<p><a name="minust"></a>
+<p></p><dt><strong><strong>-t</strong></strong><dd>
+<p>Verify that the workstation trust account created when the Samba server is
+added to the Windows NT domain is working.
+<p><a name="minusm"></a>
+<p></p><dt><strong><strong>-m</strong></strong><dd>
+<p>Produce a list of domains trusted by the Windows NT server
+<a href="winbindd.8.html"><strong>winbindd(8)</strong></a> contacts when resolving names. This
+list does not include the Windows NT domain the server is a Primary Domain
+Controller for.
<p></dl>
<p><a name="EXITSTATUS"></a>
<h2>EXIT STATUS</h2>
use debug level 100 (see <strong>BUGS.txt</strong>).
<p><a name="minusi"></a>
<p></p><dt><strong><strong>-i</strong></strong><dd>
-Tells winbindd to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of winbindd is
+Tells <strong>winbindd</strong> to not become a daemon and detach from the current terminal.
+This option is used by developers when interactive debugging of <strong>winbindd</strong> is
required.
<p></dl>
<p><a name="NAMEANDIDRESOLUTION"></a>
<p><p></p><dt><strong>winbind cache time</strong><dd>
<p>This parameter specifies the number of seconds the <strong>winbindd</strong> daemon will
cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time winbindd will ask
+again. When a item in the cache is older than this time <strong>winbindd</strong> will ask
the domain controller for the sequence number of the servers account
database. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds. Otherwise the
item is fetched from the server. This means that as long as the account
-database is not actively changing winbindd will only have to send one
+database is not actively changing <strong>winbindd</strong> will only have to send one
sequence number query packet every "winbind cache time" seconds.
<p><strong>Default:</strong>
<code> winbind cache time = 15</code>
<p><a name="EXAMPLESETUP"></a>
<h2>EXAMPLE SETUP</h2>
-<p>To setup winbindd for user and group lookups plus authentication from
+<p>To setup <strong>winbindd</strong> for user and group lookups plus authentication from
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
<p>In <code>/etc/nsswitch.conf</code> put the following:
</pre>
-<p>Now start winbindd and you should find that your user and group
+<p>Now start <strong>winbindd</strong> and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the <code>DOMAIN+user</code>
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
-winbindd.
+<strong>winbindd</strong>.
<p><a name="NOTES"></a>
<h2>NOTES</h2>
<p><p></p><dt><strong></strong><dd>
<a href="nmbd.8.html"><strong>nmbd</strong></a> must be running on the local machine for
<strong>winbindd</strong> to work.
+<p><p></p><dt><strong></strong><dd>
+<strong>winbindd</strong> queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running <strong>winbindd</strong>
+to become aware of new trust relationships between servers, it must be sent
+a SIGHUP signal.
<p><p></p><dt><strong></strong><dd>
Client processes resolving names through the <strong>winbindd</strong> nsswitch module
read an environment variable named <code>WINBINDD_DOMAIN</code>. If this variable
-contains a comma separated list of Windows NT domain names, then winbindd
+contains a comma separated list of Windows NT domain names, then <strong>winbindd</strong>
will only resolve users and groups within those Windows NT domains.
<p><p></p><dt><strong></strong><dd>
PAM is really easy to misconfigure. Make sure you know what you are doing
<p><p></p><dt><strong><code>SIGHUP</code></strong><dd>
<p>Reload the <code>smb.conf</code> file and apply any parameter changes to the running
version of <strong>winbindd</strong>. This signal also clears any cached user and group
-information.
+information. The list of other domains trusted by <strong>winbindd</strong> is also
+reloaded.
<p><p></p><dt><strong><code>SIGUSR1</code></strong><dd>
<p>The <code>SIGUSR1</code> signal will cause <strong>winbindd</strong> to write status information
to the winbind log file including information about the number of user and
<h2>SEE ALSO</h2>
<p><a href="samba.7.html"><strong>samba(7)</strong></a>, <a href="smb.conf.5.html"><strong>smb.conf(5)</strong></a>,
-<strong>nsswitch.conf(5)</strong>
+<strong>nsswitch.conf(5)</strong>, <a href="wbinfo.1.html"><strong>wbinfo(1)</strong></a>
<p><a name="AUTHOR"></a>
<h2>AUTHOR</h2>
.PP
\fBwbinfo\fP -u [-g] [-n name]
[-s sid] [-U uid] [-G gid]
-[-S sid] [-Y sid]
+[-S sid] [-Y sid] [-t]
+[-m]
.PP
.SH "DESCRIPTION"
.PP
group mapped by \fBwinbindd(8)\fP then the operation
will fail\&.
.IP
+.IP "\fB-t\fP"
+.IP
+Verify that the workstation trust account created when the Samba server is
+added to the Windows NT domain is working\&.
+.IP
+.IP "\fB-m\fP"
+.IP
+Produce a list of domains trusted by the Windows NT server
+\fBwinbindd(8)\fP contacts when resolving names\&. This
+list does not include the Windows NT domain the server is a Primary Domain
+Controller for\&.
+.IP
.PP
.SH "EXIT STATUS"
.PP
use debug level 100 (see \fBBUGS\&.txt\fP)\&.
.IP
.IP "\fB-i\fP"
-Tells winbindd to not become a daemon and detach from the current terminal\&.
-This option is used by developers when interactive debugging of winbindd is
+Tells \fBwinbindd\fP to not become a daemon and detach from the current terminal\&.
+This option is used by developers when interactive debugging of \fBwinbindd\fP is
required\&.
.IP
.PP
.IP
This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
cache user and group information before querying a Windows NT server
-again\&. When a item in the cache is older than this time winbindd will ask
+again\&. When a item in the cache is older than this time \fBwinbindd\fP will ask
the domain controller for the sequence number of the servers account
database\&. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds\&. Otherwise the
item is fetched from the server\&. This means that as long as the account
-database is not actively changing winbindd will only have to send one
+database is not actively changing \fBwinbindd\fP will only have to send one
sequence number query packet every "winbind cache time" seconds\&.
.IP
\fBDefault:\fP
.PP
.SH "EXAMPLE SETUP"
.PP
-To setup winbindd for user and group lookups plus authentication from
+To setup \fBwinbindd\fP for user and group lookups plus authentication from
a domain controller use something like the following setup\&. This was
tested on a RedHat 6\&.2 Linux box\&.
.PP
.PP
-Now start winbindd and you should find that your user and group
+Now start \fBwinbindd\fP and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the \f(CWDOMAIN+user\fP
syntax for the username\&. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
-winbindd\&.
+\fBwinbindd\fP\&.
.PP
.SH "NOTES"
.PP
\fBwinbindd\fP to work\&.
.IP
.IP ""
+\fBwinbindd\fP queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received\&. Thus, for a running \fBwinbindd\fP
+to become aware of new trust relationships between servers, it must be sent
+a SIGHUP signal\&.
+.IP
+.IP ""
Client processes resolving names through the \fBwinbindd\fP nsswitch module
read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&. If this variable
-contains a comma separated list of Windows NT domain names, then winbindd
+contains a comma separated list of Windows NT domain names, then \fBwinbindd\fP
will only resolve users and groups within those Windows NT domains\&.
.IP
.IP ""
.IP
Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
version of \fBwinbindd\fP\&. This signal also clears any cached user and group
-information\&.
+information\&. The list of other domains trusted by \fBwinbindd\fP is also
+reloaded\&.
.IP
.IP "\f(CWSIGUSR1\fP"
.IP
.SH "SEE ALSO"
.PP
\fBsamba(7)\fP, \fBsmb\&.conf(5)\fP,
-\fBnsswitch\&.conf(5)\fP
+\fBnsswitch\&.conf(5)\fP, \fBwbinfo(1)\fP
.PP
.SH "AUTHOR"
.PP
bf(wbinfo) link(-u)(minusu) [link(-g)(minusg)] [link(-n name)(minusn)]
[link(-s sid)(minuss)] [link(-U uid)(minusU)] [link(-G gid)(minusG)]
-[link(-S sid)(minusS)] [link(-Y sid)(minusY)]
+[link(-S sid)(minusS)] [link(-Y sid)(minusY)] [link(-t)(minust)]
+[link(-m)(minusm)]
label(DESCRIPTION)
manpagedescription()
group mapped by url(bf(winbindd(8)))(winbindd.8.html) then the operation
will fail.
+label(minust)
+dit(bf(-t))
+
+Verify that the workstation trust account created when the Samba server is
+added to the Windows NT domain is working.
+
+label(minusm)
+dit(bf(-m))
+
+Produce a list of domains trusted by the Windows NT server
+url(bf(winbindd(8)))(winbindd.8.html) contacts when resolving names. This
+list does not include the Windows NT domain the server is a Primary Domain
+Controller for.
+
enddit()
label(EXIT STATUS)
label(minusi)
dit(bf(-i))
-Tells winbindd to not become a daemon and detach from the current terminal.
-This option is used by developers when interactive debugging of winbindd is
+Tells bf(winbindd) to not become a daemon and detach from the current terminal.
+This option is used by developers when interactive debugging of bf(winbindd) is
required.
enddit()
This parameter specifies the number of seconds the bf(winbindd) daemon will
cache user and group information before querying a Windows NT server
-again. When a item in the cache is older than this time winbindd will ask
+again. When a item in the cache is older than this time bf(winbindd) will ask
the domain controller for the sequence number of the servers account
database. If the sequence number has not changed then the cached item is
marked as valid for a further "winbind cache time" seconds. Otherwise the
item is fetched from the server. This means that as long as the account
-database is not actively changing winbindd will only have to send one
+database is not actively changing bf(winbindd) will only have to send one
sequence number query packet every "winbind cache time" seconds.
bf(Default:)
label(EXAMPLESETUP)
manpagesection(EXAMPLE SETUP)
-To setup winbindd for user and group lookups plus authentication from
+To setup bf(winbindd) for user and group lookups plus authentication from
a domain controller use something like the following setup. This was
tested on a RedHat 6.2 Linux box.
password server = *
)
-Now start winbindd and you should find that your user and group
+Now start bf(winbindd) and you should find that your user and group
database is expanded to include your NT users and groups, and that you
can login to your unix box as a domain user, using the tt(DOMAIN+user)
syntax for the username. You may wish to use the commands "getent
passwd" and "getent group" to confirm the correct operation of
-winbindd.
+bf(winbindd).
label(NOTES)
manpagesection(NOTES)
url(bf(nmbd))(nmbd.8.html) must be running on the local machine for
bf(winbindd) to work.
+dit()
+bf(winbindd) queries the list of trusted domains for the Windows NT server
+on startup and when a SIGHUP is received. Thus, for a running bf(winbindd)
+to become aware of new trust relationships between servers, it must be sent
+a SIGHUP signal.
+
dit()
Client processes resolving names through the bf(winbindd) nsswitch module
read an environment variable named tt(WINBINDD_DOMAIN). If this variable
-contains a comma separated list of Windows NT domain names, then winbindd
+contains a comma separated list of Windows NT domain names, then bf(winbindd)
will only resolve users and groups within those Windows NT domains.
dit()
Reload the tt(smb.conf) file and apply any parameter changes to the running
version of bf(winbindd). This signal also clears any cached user and group
-information.
+information. The list of other domains trusted by bf(winbindd) is also
+reloaded.
dit(tt(SIGUSR1))
manpageseealso()
url(bf(samba(7)))(samba.7.html), url(bf(smb.conf(5)))(smb.conf.5.html),
-bf(nsswitch.conf(5))
+bf(nsswitch.conf(5)), url(bf(wbinfo(1)))(wbinfo.1.html)
label(AUTHOR)
manpageauthor()
git.samba.org / kai / samba.git / commitdiff