NTLM group retrieval

Mon Apr 26 21:14:25 GMT 2004

Hi Simon:
Thanks for the quick and informative response.  I have more questions below.

ext Simon Annear wrote:

>
> net group "domain users" /domain from our terminal server (member server)
>
> gives me a list of all of the users in our domain to which the 
> terminal server belongs 

When I try "net group "Domain Users" " from my FreeBSD Samba bin 
directory I get:

No command:  Domain Users

I can list groups on our domain by doing:

net group -S domaincontrollerservername

But I can't see how to list the users in a group.  Is this possible?

>
>
> I guess this should give you enough to see the windows functionality - 
> although I don't currently have access to a samba server to test it 
> against.
>
> Simon
>
>
> Eric wrote:
>
>>
>> See the "cli_RNetGroupEnum" function in clirap2.c from the Samba 
>> source; this is the NetGroupEnum RAP call.  Although it sounds like 
>> what you want is closer to NetUserGetGroups or NetGroupGetUsers (to 
>> retrieve not just a list of groups, but users in a group/groups for a 
>> user). Implementations of these are also in there.
>>
>>
>> Eric
>>
>>  >
>>  > There's an old RAP call known as NetGroupEnum() that probably does 
>> what
>>  > you want.  Microsoft has documentation on the function itself (the
>>  > programmer's interface) but not on the wire format.  If you can 
>> write some
>>  > Windows code that calls the function, you can see what it does on the
>>  > wire.  Ethereal probably has parsers for this.
>>  >
>>  > They're good folk, those Ethereal folk.  :)
>>  >
>>  > I *believe* that the function calls documented at the link below 
>> are RAP
>>  > calls:
>>  >
>>  > 
>> http://msdn.microsoft.com/library/en-us/netmgmt/netmgmt/network_management_reference.asp 
>>
>>  >
>>  > (...and, yes, 'netmgmt' is in there twice.)
>>  >
>>  > If that doesn't do it for you, then you'll need to look at RPC calls.
>>  > I don't know enough about those to point you in the right direction.
>>  >
>>  > Hope that helps.
>>  >
>>  > Chris -)-----
>>  >
>>  > On Wed, Apr 21, 2004 at 11:19:36AM -0700, Jonny Larson wrote:
>>  > > Reposting as I've received no replies.
>>  > >
>>  > > Could anyone at least point me toward a good NTLM documentation 
>> source?
>>  > >
>>  > > Thanks,
>>  > > Jonny L.
>>  > >
>>  > > ext Jonny Larson wrote:
>>  > >
>>  > > >
>>  > > >Hello:
>>  > > >Is it possible to do dynamic group retrieval in an old NT4 
>> domain via
>>  > > >NTLM.  Does the NTLM protocol support anything like that?  Is it
>>  > > >possible to retrieve group membership information from an NT4 
>> domain
>>  > > >controller?
>>  > > >
>>  > > >To be clear, we are NOT using Active Directory.  We just have 
>> an NT4
>>  > > >domain with primary & secondary DC's (and also WINS).
>>  > > >
>>  > > >TIA,
>>  > > >Jonny L.
>>  > > >
>>  > > >
>>  > > >
>>  > >
>>  > >
>>
>>
>
>