Enumerating Unix users and groups from Windows

Corinna Vinschen corinna at vinschen.de
Wed Jul 23 11:14:12 GMT 2008

On Jul 23 06:56, Scott Lovenberg wrote:
> Corinna Vinschen wrote:
>> Hi,
>> when I want to know the user/group name <-> SID mapping of the UNIX user
>> and groups (The ones with SIDs S-1-22-1, S-1-22-2), I can call
>> LookupAccountSid and LookupAccountName just fine from Windows. 
>> However, it doesn't seem to be possible to enumerate these accounts
>> using NetUserEnum/NetGroupEnum/NetLocalGroupEnum.
>> Nor can I ask for detailed user information with NetUserGetInfo.  The
>> call always returns Win32 error 2221.
>> Am I missing something obvious, or is it really only possible to use the
>> LookupAccountFOO calls for a direct account<->SID mapping?
>> Corinna
> Not sure if this has anything to do with it (my samba book is on my desk at 
> work :/ ), but do you have "winbind enum users = true" and "winbind enum 
> groups = true" set on the samba server?  I'm thinking that those are only 
> for idmap'ing and bulk lookups, but have you looked at those settings?  
> Just a stab in the dark.

Thanks for the reply.  No, I don't use any of these settings and winbind
isn't running.  I can enumerate and get info for any user and group
account which is based on the machine SID.  It's just not possible to
enumerate and get info from the users and groups using the default
"Unix User"/"Unix Group" mappings.


More information about the samba-technical mailing list