Discussion:
[Samba] net ads user info .vs. wbinfo -g ?
John McNulty
2011-06-20 16:44:22 UTC
Permalink
The group names from these two commands display differently. For example:

$ net ads user info my-name -U my-name
.
.
Systems Engineering EU


$ wbinfo -g
.
.
systemsengineeringeu.write


Why is this different?

Regards,

John
Robert Freeman-Day
2011-06-21 11:25:42 UTC
Permalink
Post by John McNulty
$ net ads user info my-name -U my-name
.
.
Systems Engineering EU
$ wbinfo -g
.
.
systemsengineeringeu.write
Why is this different?
Regards,
John
John,

The "net" command is a close relative to the "net" command for windows.
It will display information in a format more like windows or ldap-like
output.

If you do this type of "net" command on your samba install:

net ads search "(SAMAccountName=adusername)" -P

you will get all the entries from active directory, similar to the
output from ADSIedit. The "-P" allows you to use your samba machine's
credentials (if it is joined to the domain).

net ads search "(&(objectCategory=computer)(name=*rhel*))" -P

Allows ldap-like searching.

"wbinfo" and "winbindd" allow translation from windows account formats
to unix-like account formats. This is why the outputs are different.

If you were to do a "getent passwd aduser" you will get a direct entry
that is as if it was from /etc/passwd. It is actually getting info from
"winbindd" and translating it on the fly.

Hope that helps differentiate them.

Robert
- --
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
John McNulty
2011-06-22 08:07:30 UTC
Permalink
That's really useful thanks.

John
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by John McNulty
The group names from these two commands display differently. For
$ net ads user info my-name -U my-name
.
.
Systems Engineering EU
$ wbinfo -g
.
.
systemsengineeringeu.write
Why is this different?
Regards,
John
John,
The "net" command is a close relative to the "net" command for windows.
It will display information in a format more like windows or ldap-like
output.
net ads search "(SAMAccountName=adusername)" -P
you will get all the entries from active directory, similar to the
output from ADSIedit. The "-P" allows you to use your samba machine's
credentials (if it is joined to the domain).
net ads search "(&(objectCategory=computer)(name=*rhel*))" -P
Allows ldap-like searching.
"wbinfo" and "winbindd" allow translation from windows account formats
to unix-like account formats. This is why the outputs are different.
If you were to do a "getent passwd aduser" you will get a direct entry
that is as if it was from /etc/passwd. It is actually getting info from
"winbindd" and translating it on the fly.
Hope that helps differentiate them.
Robert
- --
________
Robert Freeman-Day
https://launchpad.net/~presgas
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4Af7EACgkQup357T5MfTZE2wCfbOebJzIGvrlJp+vSNJ/MOKv+
QF8An3NOKExf9gusbJfsZr/R13Heemwt
=bdGG
-----END PGP SIGNATURE-----
Loading...