OPTIONS¶
-a|--authenticate username%password
Attempt to authenticate a user via
winbindd(8).
This checks both authentication methods and reports its results.
Note
Do not be tempted to use this functionality for authentication in third-party
applications. Instead use
ntlm_auth(1).
--allocate-gid
Get a new GID out of idmap
--allocate-uid
Get a new UID out of idmap
--all-domains
List all domains (trusted and own domain).
-c|--change-secret
Change the trust account password. May be used in
conjunction with domain in order to change interdomain trust account
passwords.
--ccache-save username%password
Store user and password for ccache.
--change-user-password username
Change the password of a user. The old and new password
will be prompted.
--domain name
This parameter sets the domain on which any specified
operations will performed. If special domain name '.' is used to represent the
current domain to which
winbindd(8) belongs. Currently only the
-u, and
-g options honor this parameter.
-D|--domain-info domain
Show most of the info we have about the specified
domain.
--dsgetdcname domain
Find a DC for a domain.
--gid-info gid
Get group info from gid.
--group-info user
Get group info for user.
-g|--domain-groups
This option will list all groups available in the Windows
NT domain for which the
samba(7) daemon is operating in. Groups in all
trusted domains will also be listed. Note that this operation does not assign
group ids to any groups that have not already been seen by
winbindd(8).
--get-auth-user
Print username and password used by
winbindd(8)
during session setup to a domain controller. Username and password can be set
using
--set-auth-user. Only available for root.
--getdcname domain
Get the DC name for the specified domain.
-G|--gid-to-sid gid
Try to convert a UNIX group id to a Windows NT SID. If
the gid specified does not refer to one within the idmap gid range then the
operation will fail.
-?
Print brief help overview.
-i|--user-info user
Get user info.
-I|--WINS-by-ip ip
The
-I option queries
winbindd(8) to send a
node status request to get the NetBIOS name associated with the IP address
specified by the
ip parameter.
-K|--krb5auth username%password
Attempt to authenticate a user via Kerberos.
--lanman
Use lanman cryptography for user authentication.
-m|--trusted-domains
Produce a list of domains trusted by the Windows NT
server
winbindd(8) contacts when resolving names. This list does not
include the Windows NT domain the server is a Primary Domain Controller
for.
-n|--name-to-sid name
The
-n option queries
winbindd(8) for the
SID associated with the name specified. Domain names can be specified before
the user name by using the winbind separator character. For example
CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1. If
no domain is specified then the domain used is the one specified in the
smb.conf(5)workgroup parameter.
-N|--WINS-by-name name
The
-N option queries
winbindd(8) to query
the WINS server for the IP address associated with the NetBIOS name specified
by the
name parameter.
--ntlmv2
Use NTLMv2 cryptography for user authentication.
--online-status domain
Show whether domains are marked as online or offline. An
optional domain argument limits the output to the online status of a given
domain.
--own-domain
List own domain.
-p|--ping
Check whether
winbindd(8) is still alive. Prints
out either 'succeeded' or 'failed'.
-P|--ping-dc
Issue a no-effect command to our DC. This checks if our
secure channel connection to our domain controller is still alive. It has much
less impact than wbinfo -t.
-r|--user-groups username
Try to obtain the list of UNIX group ids to which the
user belongs. This only works for users defined on a Domain Controller.
-R|--lookup-rids rid1, rid2, rid3...
Converts RIDs to names. Uses a comma separated list of
rids.
-s|--sid-to-name sid
Use -s to resolve a SID to a name. This is the
inverse of the -n option above. SIDs must be specified as ASCII
strings in the traditional Microsoft format. For example,
S-1-5-21-1455342024-3071081365-2475485837-500.
--separator
Get the active winbind separator.
--set-auth-user username%password
Store username and password used by
winbindd(8)
during session setup to a domain controller. This enables winbindd to operate
in a Windows 2000 domain with Restrict Anonymous turned on (a.k.a. Permissions
compatible with Windows 2000 servers only).
-S|--sid-to-uid sid
Convert a SID to a UNIX user id. If the SID does not
correspond to a UNIX user mapped by
winbindd(8) then the operation will
fail.
--sid-aliases sid
Get SID aliases for a given SID.
--sid-to-fullname sid
Converts a SID to a full username
(DOMAIN\username).
-t|--check-secret
Verify that the workstation trust account created when
the Samba server is added to the Windows NT domain is working. May be used in
conjunction with domain in order to verify interdomain trust
accounts.
-u|--domain-users
This option will list all users available in the Windows
NT domain for which the
winbindd(8) daemon is operating in. Users in
all trusted domains will also be listed. Note that this operation does not
assign user ids to any users that have not already been seen by
winbindd(8) .
--uid-info uid
Get user info for the user connected to user id
UID.
--usage
Print brief help overview.
--user-domgroups sid
Get user domain groups.
--user-sids sid
Get user group SIDs for user.
-U|--uid-to-sid uid
Try to convert a UNIX user id to a Windows NT SID. If the
uid specified does not refer to one within the idmap range then the operation
will fail.
--verbose
Print additional information about the query
results.
-Y|--sid-to-gid sid
Convert a SID to a UNIX group id. If the SID does not
correspond to a UNIX group mapped by
winbindd(8) then the operation
will fail.
-V|--version
Prints the program version number.
-?|--help
Print a summary of command line options.