Are there any command line options available to know the (user)account type?

Hemanth Thummala hemanth.thummala at
Fri Feb 16 19:40:06 UTC 2018

Hi Jeremy,

I have attached to gdb and able to dump the sid type returned from DC. 

dcerpc_wbint_LookupName_done (subreq=0x55ca88d6fdf0) at default/librpc/gen_ndr/ndr_winbind_c.c:820
820	default/librpc/gen_ndr/ndr_winbind_c.c: No such file or directory.
825	in default/librpc/gen_ndr/ndr_winbind_c.c
(gdb) p *state->tmp.out.type

I think this confirms that DC only giving the type as USER.


On 16/02/18, 11:28 AM, "Jeremy Allison" <jra at> wrote:

    On Fri, Feb 16, 2018 at 11:17:46AM -0800, Jeremy Allison via samba-technical wrote:
    > On Fri, Feb 16, 2018 at 06:34:13AM +0000, Hemanth Thummala via samba-technical wrote:
    > > Hi,
    > > 
    > > We are actually looking for a command line option to know if a specific AD user is actually of type “user” or “computer(machine)” account.
    > > 
    > > Existing wbinfo –n or –i (user info) commands which internally doing lsalookupnames()/lsalookupsids() seems to be always returning the Lsa_SidType as User for machine accounts too.
    > > 
    > > For example, user lookup for a machine account showing the type as USER SID.
    > > $sudo wbinfo -n win-clinet2$
    > > S-1-5-21-2181377586-1363663071-3087203698-1001 SID_USER (1)
    > > 
    > > There is SID type called “SidTypeComputer” available in enum of Lsa_SidType. But this doesn’t seems to be returned even when the lookup is done for machine account names. Looks like they are being treated as users in this context. I believe this is retuned by AD server. Couldn’t verify the trace as the response was encrypted. Would like to know if this is the expected SID type for machine accounts.
    > > 
    > > Looks like only “SamAccountType” attribute can authoritatively say if the requested account is of type user or computer account. I could achieve this using ldapsearch command.
    > > I would like to know if there are any winbindd or wbinfo commands available which could give the authoritative response for user type. Please let me know.
    > Hmmm. wbinfo is just returning the 'type' field
    > returned in:
    >         subreq = dcerpc_wbint_LookupName_send(
    >                 state, ev, dom_child_handle(domain),
    >                 state->dom_name, state->name,
    >                 flags, &state->type, &state->sid);
    > (the &state->type return) - which it gets back
    > from the DC. Is the DC correctly returning the
    > SidTypeComputer type ? I don't see any mapping
    > being done internally.
    Hemanth, add some custom DEBUG statements to dump
    out the contents of this field returned back from
    the DC, that should see if we're actually seeing it
    come back as expected.

More information about the samba-technical mailing list