NTLM group retrieval

Simon Annear simon.annear at solnetsolutions.co.nz
Thu Apr 22 00:33:13 GMT 2004


Not sure if this is way off the mark, but a simple answer to the question
"Is it possible to retrieve group membership information from an NT4 
domain controller?":

From an NT workstation, "net localgroup users" will give a list of all of 
the local machine

net group "domain users" /domain from our terminal server (member server) 
gives me a list of all of the users in our domain to which the terminal 
server belongs.

I guess this should give you enough to see the Windows functionality - 
although I don't currently have access to a Samba server to test it against.

Simon


Eric wrote:
> 
> See the "cli_RNetGroupEnum" function in clirap2.c from the Samba source; 
> this is the NetGroupEnum RAP call.  Although it sounds like what you 
> want is closer to NetUserGetGroups or NetGroupGetUsers (to retrieve not 
> just a list of groups, but users in a group/groups for a user). 
> Implementations of these are also in there.
> 
> 
> Eric
> 
>  >
>  > There's an old RAP call known as NetGroupEnum() that probably does what
>  > you want.  Microsoft has documentation on the function itself (the
>  > programmer's interface) but not on the wire format.  If you can write some
>  > Windows code that calls the function, you can see what it does on the
>  > wire.  Ethereal probably has parsers for this.
>  >
>  > They're good folk, those Ethereal folk.  :)
>  >
>  > I *believe* that the function calls documented at the link below are RAP
>  > calls:
>  >
>  > http://msdn.microsoft.com/library/en-us/netmgmt/netmgmt/network_management_reference.asp
>  >
>  > (...and, yes, 'netmgmt' is in there twice.)
>  >
>  > If that doesn't do it for you, then you'll need to look at RPC calls.
>  > I don't know enough about those to point you in the right direction.
>  >
>  > Hope that helps.
>  >
>  > Chris -)-----
>  >
>  > On Wed, Apr 21, 2004 at 11:19:36AM -0700, Jonny Larson wrote:
>  > > Reposting as I've received no replies.
>  > >
>  > > Could anyone at least point me toward a good NTLM documentation source?
>  > >
>  > > Thanks,
>  > > Jonny L.
>  > >
>  > > ext Jonny Larson wrote:
>  > >
>  > > >
>  > > >Hello:
>  > > >Is it possible to do dynamic group retrieval in an old NT4 domain via
>  > > >NTLM.  Does the NTLM protocol support anything like that?  Is it
>  > > >possible to retrieve group membership information from an NT4 domain
>  > > >controller?
>  > > >
>  > > >To be clear, we are NOT using Active Directory.  We just have an NT4
>  > > >domain with primary & secondary DC's (and also WINS).
>  > > >
>  > > >TIA,
>  > > >Jonny L.
>  > > >
>  > > >
>  > > >
>  > >
>  > >
> 
> 
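
Added example (not part of the original thread, and not Samba or Microsoft code): a Python parser for the output of the `net group "domain users" /domain` command mentioned above, which also flags members missing from an expected baseline. The sample output is constructed, and the 25-character column width, the helper `_row` and the function names are assumptions.

```python
import re

COLUMN_WIDTH = 25  # assumption: net.exe pads each member name to 25 characters


def _row(*names):
    """Build one member row the way the assumed column layout would print it."""
    return "".join(name.ljust(COLUMN_WIDTH) for name in names) + "\n"


# Constructed sample of `net group "domain users" /domain` output (not from a real host).
SAMPLE_OUTPUT = (
    "The request will be processed at a domain controller for domain EXAMPLE.\n\n"
    "Group name     Domain Users\n"
    "Comment        All domain users\n\n"
    "Members\n\n"
    + "-" * 79 + "\n"
    + _row("Administrator", "alice", "bob")
    + _row("carol", "svc backup")
    + "The command completed successfully.\n"
)


def parse_members(output):
    """Return the member names listed below the dashed separator line."""
    members, in_list = [], False
    for line in output.splitlines():
        if not in_list:
            in_list = bool(re.fullmatch(r"-{10,}\s*", line))
            continue
        if line.startswith("The command completed"):
            break
        # Slice by fixed width so account names containing spaces stay intact.
        for start in range(0, len(line), COLUMN_WIDTH):
            name = line[start:start + COLUMN_WIDTH].strip()
            if name:
                members.append(name)
    return members


def unexpected_members(output, expected):
    """Members in the output that are not in the expected baseline (case-insensitive)."""
    baseline = {name.lower() for name in expected}
    return [m for m in parse_members(output) if m.lower() not in baseline]


if __name__ == "__main__":
    print(parse_members(SAMPLE_OUTPUT))
    print(unexpected_members(SAMPLE_OUTPUT, ["Administrator", "alice", "bob", "carol"]))
```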
