[31565] in Kerberos
Re: Getting a Windows username from an SID with Kerberos
daemon@ATHENA.MIT.EDU (John Jasen)
Fri Oct 9 10:39:10 2009
Message-ID: <4ACF4AD4.8030100@realityfailure.org>
Date: Fri, 09 Oct 2009 10:38:12 -0400
From: John Jasen <jjasen@realityfailure.org>
MIME-Version: 1.0
To: Toby Newman <google@asktoby.com>
In-Reply-To: <slrnhcrcb0.afj.google@ID-171443.user.uni-berlin.de>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Toby Newman wrote:
> I am running Linux in a corporate windows environment.
>
> I need to convert user's Active Directory security identifiers (SIDs)
> to usernames, for example S-1-5-21-484763869-1275210071-682003330-34567
> to mydomain\jbloggs.
>
> There are a few Windows tools that do this like SIDDecode and
> SidToName, but they don't work under wine.
>
> I've been reading about Kerberos and it seems it may be
> possible to achieve this. Does anyone here know how?
As someone else mentioned, kerberos has nothing to do with this.
What are you trying to accomplish? Plugging the linux system into Active
Directory? Or are you trying to convert Windows accounts to local UNIX
accounts? Or something else?
As a one time thing, you should be able to do an ldapsearch against AD
with the SID, and return the principalname or some other useful field.
--
-- John E. Jasen (jjasen@realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
