NTLM group retrieval
Simon Annear
simon.annear at solnetsolutions.co.nz
Thu Apr 22 00:33:13 GMT 2004
Not sure if this is way off the mark
but a simple answer to the question
"Is it possible to retrieve group membership information from an NT4
domain controller?"
from an nt workstation "net localgroup users" will give a list of all of
the local machine
net group "domain users" /domain from our terminal server (member server)
gives me a list of all of the users in our domain to which the terminal
server belongs
I guess this should give you enough to see the windows functionality -
although I don't currently have access to a samba server to test it against.
Simon
Eric wrote:
>
> See the "cli_RNetGroupEnum" function in clirap2.c from the Samba source;
> this is the NetGroupEnum RAP call. Although it sounds like what you
> want is closer to NetUserGetGroups or NetGroupGetUsers (to retrieve not
> just a list of groups, but users in a group/groups for a user).
> Implementations of these are also in there.
>
>
> Eric
>
> >
> > There's an old RAP call known as NetGroupEnum() that probably does what
> > you want. Microsoft has documentation on the function itself (the
> > programmer's interface) but not on the wire format. If you can write
> some
> > Windows code that calls the function, you can see what it does on the
> > wire. Ethereal probably has parsers for this.
> >
> > They're good folk, those Ethereal folk. :)
> >
> > I *believe* that the function calls documented at the link below are RAP
> > calls:
> >
> >
> http://msdn.microsoft.com/library/en-us/netmgmt/netmgmt/network_management_reference.asp
>
> >
> > (...and, yes, 'netmgmt' is in there twice.)
> >
> > If that doesn't do it for you, then you'll need to look at RPC calls.
> > I don't know enough about those to point you in the right direction.
> >
> > Hope that helps.
> >
> > Chris -)-----
> >
> > On Wed, Apr 21, 2004 at 11:19:36AM -0700, Jonny Larson wrote:
> > > Reposting as I've received no replies.
> > >
> > > Could anyone at least point me toward a good NTLM documentation
> source?
> > >
> > > Thanks,
> > > Jonny L.
> > >
> > > ext Jonny Larson wrote:
> > >
> > > >
> > > >Hello:
> > > >Is it possible to do dynamic group retrieval in an old NT4 domain via
> > > >NTLM. Does the NTLM protocol support anything like that? Is it
> > > >possible to retrieve group membership information from an NT4 domain
> > > >controller?
> > > >
> > > >To be clear, we are NOT using Active Directory. We just have an NT4
> > > >domain with primary & secondary DC's (and also WINS).
> > > >
> > > >TIA,
> > > >Jonny L.
> > > >
> > > >
> > > >
> > >
> > >
>
>
More information about the samba-technical
mailing list