Are there any command line options available to know the (user)account type?

Hemanth Thummala hemanth.thummala at nutanix.com
Fri Feb 16 06:34:13 UTC 2018


Hi,

We are actually looking for a command line option to know if a specific AD user is actually of type “user” or “computer (machine)” account.

The existing wbinfo -n or -i (user info) commands, which internally do lsalookupnames()/lsalookupsids(), seem to always return the Lsa_SidType as User for machine accounts too.

For example, a user lookup for a machine account shows the type as USER SID.
$sudo wbinfo -n win-clinet2$
S-1-5-21-2181377586-1363663071-3087203698-1001 SID_USER (1)

There is a SID type called “SidTypeComputer” available in the enum of Lsa_SidType. But this doesn’t seem to be returned even when the lookup is done for machine account names. Looks like they are being treated as users in this context. I believe this is returned by the AD server. Couldn’t verify the trace as the response was encrypted. Would like to know if this is the expected SID type for machine accounts.

Looks like only the “SamAccountType” attribute can authoritatively say if the requested account is of type user or computer account. I could achieve this using the ldapsearch command.
I would like to know if there are any winbindd or wbinfo commands available which could give the authoritative response for user type. Please let me know.

Thanks,
Hemanth.
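
The ldapsearch route mentioned in the message above, as an added example that is not part of the original post: it decodes the sAMAccountType attribute from LDIF output to separate user from computer accounts. The sample LDIF, account names and domain are constructed placeholders; the sAMAccountType constants are the values Active Directory defines.

```python
import base64

# sAMAccountType values defined by Active Directory.
SAM_ACCOUNT_TYPES = {
    0x10000000: "group",     # SAM_GROUP_OBJECT
    0x20000000: "alias",     # SAM_ALIAS_OBJECT (domain-local group)
    0x30000000: "user",      # SAM_USER_OBJECT
    0x30000001: "computer",  # SAM_MACHINE_ACCOUNT
    0x30000002: "trust",     # SAM_TRUST_ACCOUNT
}

# Constructed sample in the shape of `ldapsearch -LLL ... sAMAccountName sAMAccountType`
# output; names and domain are placeholders. The first dn is folded and the second
# sAMAccountName is base64 ("::"), both of which LDIF permits.
SAMPLE_LDIF = """\
dn: CN=WKSTN01,CN=Computers,DC=exam
 ple,DC=test
sAMAccountName: WKSTN01$
sAMAccountType: 805306369

dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName:: YWxpY2U=
sAMAccountType: 805306368
"""

def parse_ldif(text):
    """Return a list of {attribute: first value} dicts, one per LDIF entry."""
    entries, entry = [], {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join continuation lines
    for line in unfolded.split("\n") + [""]:
        if not line.strip():            # blank line ends the current entry
            if "dn" in entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#"):  # skip LDIF comments
            attr, _, value = line.partition(":")
            if value.startswith(":"):   # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), value.strip())
    return entries

def account_types(ldif_text):
    """Map sAMAccountName -> account class decoded from sAMAccountType."""
    result = {}
    for e in parse_ldif(ldif_text):
        raw = e.get("samaccounttype")
        kind = "unknown" if raw is None else SAM_ACCOUNT_TYPES.get(int(raw), "other (0x%08x)" % int(raw))
        result[e.get("samaccountname", e["dn"])] = kind
    return result

if __name__ == "__main__":
    for name, kind in account_types(SAMPLE_LDIF).items():
        print(name, "->", kind)
```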

