Enumerating Unix users and groups from Windows
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Jul 25 14:28:19 GMT 2008
On Thu, Jul 24, 2008 at 10:54:36AM +0200, Corinna Vinschen wrote:
> For instance, when you call NetLocalGroupEnum on a Windows machine, you
> get a list which contains accounts from different "domains" and with
> different base SIDs, too. Calling LookupAccountName afterwards shows
> that clearly:
>
> NetLocalGroupEnum (MACHINE); LookupAccountName (Name)
>
> Name RID Domain SID
> ----------------- ---- ------- -------------------------------
> Administrators 544 BUILTIN S-1-5-32-544
> Backup Operators 551 BUILTIN S-1-5-32-551
> Guests 546 BUILTIN S-1-5-32-546
> [...]
> Users 545 BUILTIN S-1-5-32-545
> HelpServicesGroup 1001 MACHINE S-1-5-21-12345-67890-76543-1001
>
> So it enumerates BUILTIN accounts as well as MACHINE accounts.
>
> Samba could return the unix groups as local groups as well:
Well, not quite. Windows always has its SAM (the
S-1-5-21-12345-6... thingy), and S-1-5-32-xx. Samba does
this as well, so you should see the same output from a Samba
box. Those two domains are expected by the Win32 client API,
not more. We could try to experiment what Windows says when
we expand the samr_EnumDomains RPC call. What's the easiest
way to call the NetEnumUsers API call? Some vbs script? :-)
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080725/a3ff57b8/attachment.bin
More information about the samba-technical
mailing list