Created manpage for wbinfo program.

Misc documentation updates for winbindd manpage.
(This used to be commit 1f225fddd93d8569d9836310e2f0a56be7f4250e)

2 files changed, 157 insertions, 32 deletions

diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
new file mode 100644
index 0000000000..3b78cac9ab
--- /dev/null
+++ b/docs/manpages/wbinfo.1
@@ -0,0 +1,101 @@
+.TH "wbinfo " "1" "13 Jun 2000" "Samba" "SAMBA" 
+.PP 
+.SH "NAME" 
+wbinfo \- Query information from winbind daemon
+.PP 
+.SH "SYNOPSIS" 
+.PP 
+\fBwbinfo\fP -u [-g] [-n name]
+[-s sid] [-U uid] [-G gid]
+[-S sid] [-Y sid] 
+.PP 
+.SH "DESCRIPTION" 
+.PP 
+This program is part of the \fBSamba\fP suite version 3\&.0 and describes
+functionality not yet implemented in the main version of Samba\&.
+.PP 
+The \fBwbinfo\fP program queries and returns information created and used by
+the \fBwinbindd(8)\fP daemon\&.
+.PP 
+The \fBwinbindd(8)\fP daemon must be configured and
+running for the \fBwbinfo\fP program to be able to return information\&.
+.PP 
+.SH "OPTIONS" 
+.PP 
+The following options are available to the \fBwbinfo\fP program:
+.PP 
+.IP 
+.IP "\fB-u\fP" 
+.IP 
+This option will list all users available in the Windows NT domain for
+which the \fBwinbindd(8)\fP daemon is operating in\&.
+Users in all trusted domains will also be listed\&.  Note that this operation
+does not assign user ids to any users that have not already been seen by
+\fBwinbindd(8)\fP\&.
+.IP 
+.IP "\fB-g\fP" 
+.IP 
+This option will list all groups available in the Windows NT domain for
+which the \fBwinbindd(8)\fP daemon is operating in\&.
+Groups in all trusted domains will also be listed\&.  Note that this
+operation does not assign group ids to any groups that have not already
+been seen by \fBwinbindd(8)\fP\&.
+.IP 
+.IP "\fB-n name\fP" 
+.IP 
+The \fB-n\fP option queries \fBwinbindd(8)\fP for the SID
+associated with the name specified\&.  Domain names can be specified before
+the user name by using the winbind separator character\&.  For example
+\f(CWDOM1/Administrator\fP refers to the \f(CWAdministrator\fP user in the domain
+\f(CWDOM1\fP\&.  If no domain is specified then the domain used is the one
+specified in the \fBsmb\&.conf\fP \fBworkgroup\fP parameter\&.
+.IP 
+.IP "\fB-s sid\fP" 
+.IP 
+Use \fB-s\fP to resolve a SID to a name\&.  This is the inverse of the \fB-n\fP
+option above\&.  SIDs must be specified as ASCII strings in the traditional
+Microsoft format\&. For example
+\f(CWS-1-5-21-1455342024-3071081365-2475485837-500\fP\&.
+.IP 
+.IP "\fB-U uid\fP" 
+.IP 
+Try to convert a UNIX user id to a Windows NT SID\&.  If the uid specified
+does not refer to one within the \fBwinbind uid range\fP then the operation
+will fail\&.
+.IP 
+.IP "\fB-G gid\fP" 
+.IP 
+Try to convert a UNIX group id to a Windows NT SID\&.  If the gid specified
+does not refer to one within the \fBwinbind gid range\fP then the operation
+will fail\&.
+.IP 
+.IP "\fB-S sid\fP" 
+.IP 
+Convert a SID to a UNIX user id\&.  If the SID does not correspond to a UNIX
+user mapped by \fBwinbindd(8)\fP then the operation
+will fail\&.
+.IP 
+.IP "\fB-Y sid\fP" 
+.IP 
+Convert a SID to a UNIX group id\&.  If the SID does not correspond to a UNIX
+group mapped by \fBwinbindd(8)\fP then the operation
+will fail\&.
+.IP 
+.PP 
+.SH "EXIT STATUS" 
+.PP 
+The \fBwbinfo\fP program returns 0 if the operation succeeded, or 1 if
+the operation failed\&.  If the \fBwinbindd(8)\fP daemon
+is not working \fBwbinfo\fP will always return failure\&.
+.PP 
+.SH "SEE ALSO" 
+.PP 
+\fBwinbindd(8)\fP
+.PP 
+.SH "AUTHOR" 
+.PP 
+The original Samba software and related utilities were created by
+Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
+Source project\&.
+.PP 
+\fBwbinfo\fP was written by Tim Potter\&.
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index a54f01f781..5af9ca5f90 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -1,4 +1,4 @@
-.TH "winbindd " "1" "8 May 2000" "Samba" "SAMBA" 
+.TH "winbindd " "8" "13 Jun 2000" "Samba" "SAMBA" 
 .PP 
 .SH "NAME" 
 winbindd \- Name Service Switch daemon for resolving names from NT servers
@@ -114,6 +114,9 @@ separator) or a + character\&. The + character appears to be the best
 choice for 100% compatibility with existing unix utilities, but may be
 an aesthetically bad choice depending on your taste\&.
 .IP 
+\fBDefault:\fP
+\f(CW     winbind separator = \e\fP
+.IP 
 \fBExample:\fP
 \f(CW     winbind separator = +\fP
 .IP 
@@ -133,9 +136,9 @@ conflicts can occur otherwise\&.
 .IP "winbind gid" 
 .IP 
 The winbind gid parameter specifies the range of group ids that are
-allocated by the \fBwinbindd\fP daemon\&.  This range of
-group ids should have no existing local or nis groups within it as strange
-conflicts can occur otherwise\&.
+allocated by the \fBwinbindd\fP daemon\&.  This range of group ids should have
+no existing local or nis groups within it as strange conflicts can occur
+otherwise\&.
 .IP 
 \fBDefault:\fP
 \f(CW     winbind gid = <empty string>\fP
@@ -145,14 +148,13 @@ conflicts can occur otherwise\&.
 .IP 
 .IP "winbind cache time" 
 .IP 
-This parameter specifies the number of seconds the
-\fBwinbindd\fP daemon will cache user and group
-information before querying a Windows NT server again\&. When a item in
-the cache is older than this time winbindd will ask the domain
-controller for the sequence number of the servers account database\&. If
-the sequence number has not changed then the cached item is marked as
-valid for a further "winbind cache time" seconds\&.  Otherwise the item
-is fetched from the server\&. This means that as long as the account
+This parameter specifies the number of seconds the \fBwinbindd\fP daemon will
+cache user and group information before querying a Windows NT server
+again\&. When a item in the cache is older than this time winbindd will ask
+the domain controller for the sequence number of the servers account
+database\&. If the sequence number has not changed then the cached item is
+marked as valid for a further "winbind cache time" seconds\&.  Otherwise the
+item is fetched from the server\&. This means that as long as the account
 database is not actively changing winbindd will only have to send one
 sequence number query packet every "winbind cache time" seconds\&.
 .IP 
@@ -162,10 +164,10 @@ sequence number query packet every "winbind cache time" seconds\&.
 .IP "template homedir" 
 .IP 
 When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in
-the home directory for that user\&.  If the string \f(CW%D\fP is present it is
-substituted with the user\'s Windows NT domain name\&.  If the string \f(CW%U\fP
-is present it is substituted with the user\'s Windows NT user name\&.
+\fBwinbindd\fP daemon uses this parameter to fill in the home directory for
+that user\&.  If the string \f(CW%D\fP is present it is substituted with the
+user\'s Windows NT domain name\&.  If the string \f(CW%U\fP is present it is
+substituted with the user\'s Windows NT user name\&.
 .IP 
 \fBDefault:\fP
 \f(CW     template homedir = /home/%D/%U\fP
@@ -173,8 +175,7 @@ is present it is substituted with the user\'s Windows NT user name\&.
 .IP "template shell" 
 .IP 
 When filling out the user information for a Windows NT user, the
-\fBwinbindd\fP daemon uses this parameter to fill in
-the shell for that user\&.  
+\fBwinbindd\fP daemon uses this parameter to fill in the shell for that user\&.
 .IP 
 \fBDefault:\fP
 \f(CW     template shell = /bin/false\fP
@@ -282,27 +283,52 @@ syntax for the username\&. You may wish to use the commands "getent
 passwd" and "getent group" to confirm the correct operation of
 winbindd\&. 
 .PP 
-NOTE: \fBnmbd\fP must be running on the local machine for
+.SH "NOTES" 
+.PP 
+The following notes are useful when configuring and running \fBwinbindd\fP:
+.PP 
+.IP 
+.IP "" 
+\fBnmbd\fP must be running on the local machine for
 \fBwinbindd\fP to work\&.
+.IP 
+.IP "" 
+Client processes resolving names through the \fBwinbindd\fP nsswitch module
+read an environment variable named \f(CWWINBINDD_DOMAIN\fP\&.  If this variable
+contains a comma separated list of Windows NT domain names, then winbindd
+will only resolve users and groups within those Windows NT domains\&.
+.IP 
+.IP "" 
+PAM is really easy to misconfigure\&.  Make sure you know what you are doing
+when modifying PAM configuration files\&.  It is possible to set up PAM
+such that you can no longer log into your system\&.
+.IP 
+.IP "" 
+If more than one UNIX machine is running \fBwinbindd\fP, then in general the
+user and groups ids allocated by \fBwinbindd\fP will not be the same\&.  The
+user and group ids will only be valid for the local machine\&.  
+.IP 
+.IP "" 
+If the the Windows NT RID to UNIX user and group id mapping file
+is damaged or destroyed then the mappings will be lost\&.
+.IP 
 .PP 
 .SH "SIGNALS" 
 .PP 
-The following signals can be used to manipulate the
-\fBwinbindd\fP daemon\&.
+The following signals can be used to manipulate the \fBwinbindd\fP daemon\&.
 .PP 
 .IP 
 .IP "\f(CWSIGHUP\fP" 
 .IP 
 Reload the \f(CWsmb\&.conf\fP file and apply any parameter changes to the running
-version of \fBwinbindd\fP\&.  This signal also clears any
-cached user and group information\&.
+version of \fBwinbindd\fP\&.  This signal also clears any cached user and group
+information\&.
 .IP 
 .IP "\f(CWSIGUSR1\fP" 
 .IP 
-The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to
-write status information to the winbind log file including information
-about the number of user and group ids allocated by
-\fBwinbindd\fP\&.
+The \f(CWSIGUSR1\fP signal will cause \fBwinbindd\fP to write status information
+to the winbind log file including information about the number of user and
+group ids allocated by \fBwinbindd\fP\&.
 .IP 
 Log files are stored in the filename specified by the \fBlog file\fP parameter\&.
 .IP 
@@ -330,10 +356,8 @@ Implementation of name service switch library\&.
 .IP 
 .IP "$LOCKDIR/winbindd_idmap\&.tdb" 
 .IP 
-Storage for the Windows NT rid to UNIX user/group id mapping\&.  If this file
-is damaged or destroyed then the mappings will be lost\&.
-.IP 
-The lock directory is specified when Samba is initially compiled using the
+Storage for the Windows NT rid to UNIX user/group id mapping\&.  The lock
+directory is specified when Samba is initially compiled using the
 \f(CW--with-lockdir\fP option\&.  This directory is by default
 \f(CW/usr/local/samba/var/locks\fP\&.
 .IP 
@@ -353,4 +377,4 @@ The original Samba software and related utilities were created by
 Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open
 Source project\&.
 .PP 
-Winbindd was written by Tim Potter\&.
+\fBwinbindd\fP was written by Tim Potter\&.