Enumerating Unix users and groups from Windows

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Jul 26 08:12:31 GMT 2008


On Fri, Jul 25, 2008 at 05:11:16PM +0200, Corinna Vinschen wrote:
> That's not what I see.  The NetLocalGroupEnum function returns with
> success but with an empty group list when called on a Samba server.
> This is with 3.0.30.

You get BUILTIN groups when they are some. We store them in
our group mapping, administered with "net sam" or "net
groupmap":

BUILTIN\Administrators == S-1-5-32-544
BUILTIN\Users == S-1-5-32-545
DELPHIN\root == S-1-5-21-1698955576-602920669-2466945278-1000
DELPHIN\vl == S-1-5-21-1698955576-602920669-2466945278-3014
DELPHIN\vlendec == S-1-5-21-1698955576-602920669-2466945278-3000

What I've also tried here is to list all users with
NetUserEnum. This was against a Samba server where I have
extended the samr_EnumDomains call to not only return
BUILTIN and DELPHIN as domains, but also "Unix Users" and
"Unix Groups". But as expected, NetUserEnum did not even try
to look at those, although I've told it they are there. So
I'm afraid as long as a unix user does not have a SID inside
Samba's domain ("Unix Users" is just made to create a place
for those), there's no way to list them via that API.

If you're able to talk SAMR RPC directly, we could easily
extend our samr calls to also allow samr_OpenDomain on
S-1-22 and list unix users and groups there.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080726/8ad53d86/attachment.bin


More information about the samba-technical mailing list