RFC: net cache samlogon list|show|delete

Ralph Böhme slow at samba.org
Wed Jun 28 07:14:44 UTC 2017 

On Wed, Jun 28, 2017 at 09:11:40AM +0200, Stefan Metzmacher wrote:
> Hi Ralph,
> 
> >> I'm working on an enhancement to net that will allow the user to work on the
> >> samlogon cache (netsamlogon_cache.tdb).
> >>
> >> I added this as a subcommand to the existing net cache commands. Any better
> >> suggestions?
> >>
> >> Here's what I already have:
> >>
> >> $ sudo ./bin/net cache samlogon 
> >> Invalid command: net cache samlogon 
> >> Usage:
> >> net cache samlogon list            List samlogon cache
> >> net cache samlogon show            Show samlogon cache entry
> >> net cache samlogon delete          Delete samlogon cache entry
> >>
> >> $ sudo ./bin/net cache samlogon list
> >> SID                                                Name                                     When cached
> >> ----------------------------------------------------------------------------------------------------------------------------
> >> S-1-5-21-364438107-531279461-249741216-1000        SLOWSERVER\slow                          Sun Mar 27 12:26:55 PM 2016 CEST
> >>
> >> $ sudo ./bin/net cache samlogon show S-1-5-21-364438107-531279461-249741216-1000
> >> Name: SLOWSERVER\slow
> >> SID  0: S-1-5-21-364438107-531279461-249741216-1000
> >> SID  1: S-1-5-21-364438107-531279461-249741216-513
> > 
> > fwiw, this lists all groups of the user... Better example:
> > 
> > $ sudo ./bin/net cache samlogon show S-1-5-21-364438107-531279461-249741216-1003
> > Name: SLOWSERVER\slow
> > SID  0: S-1-5-21-364438107-531279461-249741216-1003
> > SID  1: S-1-5-21-364438107-531279461-249741216-513
> > SID  2: S-1-5-21-364438107-531279461-249741216-1010
> > SID  3: S-1-5-21-364438107-531279461-249741216-1011
> 
> A mode that dump the whole cache entry with ndr_print
> whould be useful, similar to "net primarytrust dumpinfo",
> see https://git.samba.org/?p=samba.git;a=commitdiff;h=c7c17d9f503d6037aa

yup, though about that as well. Will add it...

> While there we should add more [flag(NDR_SECRET)] to hide secret values
> in ndr_print by default, see the attached patch as a start.

ack.

Cheerio!
-slow

More information about the samba-technical mailing list