[Samba] IP-to-Username lookups
Michael Schurter
michael at susens-schurter.com
Wed Nov 15 18:59:03 GMT 2006
On Tue, 2006-11-14 at 14:41 -0600, Michael Schurter wrote:
> Hi,
>
> I'm trying to figure out how to find users by IP. I'm parsing a
> firewall log and would like to map internal IPs to users.
>
> I noticed "nmblookup -A <ip>" returns interesting results:
>
> COMPUTER <00> - M <ACTIVE>
> DOMAIN <00> - <GROUP> M <ACTIVE>
> COMPUTER <03> - M <ACTIVE>
> COMPUTER <20> - M <ACTIVE>
> DOMAIN <1e> - <GROUP> M <ACTIVE>
> USERNAME <03> - M <ACTIVE>
>
> where COMPUTER = NetBIOS computer name, DOMAIN = AD Domain Name, and
> USERNAME = currently logged in user (right?).
>
> The only problem is, how do I tell which row is the Username?

It seems nmblookup doesn't return the username on non-Windows
workstations. My Linux workstation authenticates via pam_winbind and
has an active Kerberos ticket, yet the following is returned:

    SCHURTER3-LINUX <00> - H <ACTIVE>
    SCHURTER3-LINUX <03> - H <ACTIVE>
    SCHURTER3-LINUX <20> - H <ACTIVE>
    DOMAIN <1e> - <GROUP> H <ACTIVE>
    DOMAIN <00> - <GROUP> H <ACTIVE>

To match Windows workstations it should also display:

    MICHAEL <03> - H <ACTIVE>

I'm not sure what the H & M characters stand for (H = Hybrid node?), but
I noticed Apple OSX workstations return B instead of H or M.

Still looking for how to do logged-in user lookups based on IP...

Michael Schurter
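
An added example, not part of the original post: a Python parser for the `nmblookup -A` output shown above that separates the computer name from a candidate user name. It assumes the NetBIOS convention that the computer name and, where the Windows Messenger service is running, the logged-in user are both registered as unique <03> names; the function names are hypothetical.

```python
import re

# One name-table row of `nmblookup -A <ip>` output, e.g. "DOMAIN <00> - <GROUP> M <ACTIVE>".
# The single letter is the NetBIOS node type (B, P, M or H).
ROW = re.compile(
    r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+-\s+"
    r"(?P<group><GROUP>\s+)?(?P<node>[BPMH])\s+(?P<flags><.*)$"
)

def parse_node_status(text):
    """Return (name, suffix, is_group, node_type) for every ACTIVE row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and "<ACTIVE>" in m["flags"]:
            rows.append((m["name"], m["suffix"].lower(),
                         bool(m["group"]), m["node"]))
    return rows

def identify_host(text):
    """Split a node-status reply into computer, domain and candidate users."""
    rows = parse_node_status(text)
    computer = next((n for n, s, g, _ in rows if s == "00" and not g), None)
    domain = next((n for n, s, g, _ in rows if s == "00" and g), None)
    # Unique <03> names other than the computer name; empty in the Linux case.
    users = [n for n, s, g, _ in rows
             if s == "03" and not g and n.upper() != (computer or "").upper()]
    return {"computer": computer, "domain": domain, "users": users}

# Sample replies copied from the post (COMPUTER/DOMAIN/USERNAME are its placeholders).
WINDOWS_REPLY = """\
COMPUTER <00> - M <ACTIVE>
DOMAIN <00> - <GROUP> M <ACTIVE>
COMPUTER <03> - M <ACTIVE>
COMPUTER <20> - M <ACTIVE>
DOMAIN <1e> - <GROUP> M <ACTIVE>
USERNAME <03> - M <ACTIVE>
"""
LINUX_REPLY = """\
SCHURTER3-LINUX <00> - H <ACTIVE>
SCHURTER3-LINUX <03> - H <ACTIVE>
SCHURTER3-LINUX <20> - H <ACTIVE>
DOMAIN <1e> - <GROUP> H <ACTIVE>
DOMAIN <00> - <GROUP> H <ACTIVE>
"""

if __name__ == "__main__":
    for reply in (WINDOWS_REPLY, LINUX_REPLY):
        print(identify_host(reply))
```

An empty `users` list means the host registered no user name, so a firewall-log mapping built on this needs another source for those addresses.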