Enumerating Unix users and groups from Windows

Corinna Vinschen corinna at vinschen.de
Sat Jul 26 11:19:30 GMT 2008

On Jul 26 10:12, Volker Lendecke wrote:
> On Fri, Jul 25, 2008 at 05:11:16PM +0200, Corinna Vinschen wrote:
> > That's not what I see.  The NetLocalGroupEnum function returns with
> > success but with an empty group list when called on a Samba server.
> > This is with 3.0.30.
> You get BUILTIN groups when they are some. We store them in
> our group mapping, administered with "net sam" or "net
> groupmap":
> BUILTIN\Administrators == S-1-5-32-544
> BUILTIN\Users == S-1-5-32-545
> DELPHIN\root == S-1-5-21-1698955576-602920669-2466945278-1000
> DELPHIN\vl == S-1-5-21-1698955576-602920669-2466945278-3014
> DELPHIN\vlendec == S-1-5-21-1698955576-602920669-2466945278-3000
> What I've also tried here is to list all users with
> NetUserEnum. This was against a Samba server where I have
> extended the samr_EnumDomains call to not only return
> BUILTIN and DELPHIN as domains, but also "Unix Users" and
> "Unix Groups". But as expected, NetUserEnum did not even try
> to look at those, although I've told it they are there. So
> I'm afraid as long as a unix user does not have a SID inside
> Samba's domain ("Unix Users" is just made to create a place
> for those), there's no way to list them via that API.

Oh well, too bad.  Thanks for testing!

> If you're able to talk SAMR RPC directly, we could easily
> extend our samr calls to also allow samr_OpenDomain on
> S-1-22 and list unix users and groups there.

No, I have only standard Windows calls available.  Never mind, I have a
workaround.  It's slow but it's something only called very seldom so it
doesn't matter much.

Thanks again,

More information about the samba-technical mailing list