Winbind in Action

In theory, Winbind should now be working. In practice, though, various problems can occur. You can perform tests to check on Winbind’s operation that will point you to likely solutions for any problems that might exist. Once the system is up and running, you can begin using it, but you should understand its capabilities and limitations in day-to-day operation.

Testing Winbind Operation

We looked at the wbinfo tool that tests Winbind operation in Section 7.2.2. This tool queries the domain controller via Winbind without using the NSS or PAM libraries, and as such, it’s a good test of “pure” Winbind operation. It provides several options you can use to test basic Winbind operations:

-a username%password

This option performs a test authentication using the provided username and password. If it succeeds, Winbind can authenticate users. This option only works when run as root.


This option displays all groups available on the current domain.

-n name

Winbind returns the SID of the specified name, which is normally a username but could be a group name.


This option checks for the presence of Winbind; if it’s running and working at least minimally, the program responds Ping to winbindd succeeded.


Use this option to check the validity of your domain trust account. If it’s valid, wbinfo responds:

checking the trust secret via RPC calls succeeded

As described earlier, this option displays a list of usernames managed by Winbind.

Some additional options provide more ...

Get Linux in a Windows World now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.