Discussion:
[Samba] Getting a Windows username from an SID with Samba/Winbind
Toby Newman
2009-10-08 09:22:46 UTC
Permalink
I am running Linux in a corporate windows environment.

I need to convert user's Active Directory security identifiers (SIDs) to
usernames, for example S-1-5-21-484763869-1275210071-682003330-34567 to
mydomain\jbloggs.

There are a few Windows tools that do this like SIDDecode and SidToName,
but they don't work under wine.

I've been reading about Winbind and Samba and it seems it may be possible
to achieve this with those. Does anyone here know how?

Many thanks,
Toby Newman
Alexander Födisch
2009-10-08 10:12:55 UTC
Permalink
wbinfo -s <SID> is what you are looking for.

Best
Post by Toby Newman
I am running Linux in a corporate windows environment.
I need to convert user's Active Directory security identifiers (SIDs) to
usernames, for example S-1-5-21-484763869-1275210071-682003330-34567 to
mydomain\jbloggs.
There are a few Windows tools that do this like SIDDecode and SidToName,
but they don't work under wine.
I've been reading about Winbind and Samba and it seems it may be
possible to achieve this with those. Does anyone here know how?
Many thanks,
Toby Newman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5905 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091008/c063ec6b/attachment.bin>
samba
2009-10-08 10:32:01 UTC
Permalink
That looks perfect.

How do I tell it which server to use? At the moment I think it's assuming
localhost and just giving:

$ wbinfo -s S-1-5-21-484763869-1275210071-682003330-23849
Could not lookup sid S-1-5-21-484763869-1275210071-682003330-23849

The other (Windows) tools I've used need an SID and an IP of a server, but
I can't see the option in the manpage for wbinfo for a server.

Toby
Post by Alexander Födisch
wbinfo -s <SID> is what you are looking for.
Best
Post by Toby Newman
I am running Linux in a corporate windows environment.
I need to convert user's Active Directory security identifiers (SIDs) to
usernames, for example S-1-5-21-484763869-1275210071-682003330-34567 to
mydomain\jbloggs.
There are a few Windows tools that do this like SIDDecode and SidToName,
but they don't work under wine.
I've been reading about Winbind and Samba and it seems it may be possible
to achieve this with those. Does anyone here know how?
Many thanks,
Toby Newman
Volker Lendecke
2009-10-08 10:52:06 UTC
Permalink
Post by samba
That looks perfect.
How do I tell it which server to use? At the moment I think it's assuming
$ wbinfo -s S-1-5-21-484763869-1275210071-682003330-23849
Could not lookup sid S-1-5-21-484763869-1275210071-682003330-23849
The other (Windows) tools I've used need an SID and an IP of a server,
but I can't see the option in the manpage for wbinfo for a server.
If you're a member of a domain, winbind will find that out
itself. If you are not, you can't use wbinfo. Then you will
need to use

rpcclient <server-IP> -U user%pass -c "lookupsids <sid>"

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20091008/188fb6cf/attachment.pgp>
Toby Newman
2009-10-08 10:55:28 UTC
Permalink
Post by Volker Lendecke
Post by samba
That looks perfect.
How do I tell it which server to use? At the moment I think it's assuming
$ wbinfo -s S-1-5-21-484763869-1275210071-682003330-23849
Could not lookup sid S-1-5-21-484763869-1275210071-682003330-23849
The other (Windows) tools I've used need an SID and an IP of a server,
but I can't see the option in the manpage for wbinfo for a server.
If you're a member of a domain, winbind will find that out
itself. If you are not, you can't use wbinfo. Then you will
need to use
rpcclient <server-IP> -U user%pass -c "lookupsids <sid>"
That works perfectly. Thank you: You got me out of a bind today :)

Toby

Loading...