[31572] in Kerberos
Re: Getting a Windows username from an SID with Kerberos
daemon@ATHENA.MIT.EDU (Toby Newman)
Mon Oct 12 10:03:55 2009
From: Toby Newman <google@asktoby.com>
Date: Mon, 12 Oct 2009 14:00:01 +0100
Message-ID: <slrnhd5s9n.afj.google@ID-171443.user.uni-berlin.de>
Mime-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 2009-10-08, Michael B Allen <ioplex@gmail.com> wrote:
> On Thu, Oct 8, 2009 at 5:31 AM, Toby Newman <google@asktoby.com> wrote:
>> I am running Linux in a corporate windows environment.
>>
>> I need to convert user's Active Directory security identifiers (SIDs)
>> to usernames, for example S-1-5-21-484763869-1275210071-682003330-34567
>> to mydomain\jbloggs.
>>
>> There are a few Windows tools that do this like SIDDecode and
>> SidToName, but they don't work under wine.
>>
>> I've been reading about Kerberos and it seems it may be
>> possible to achieve this. Does anyone here know how?
>
> Hi Toby,
>
> Kerberos has nothing to do with SIDs. SIDs are just the numeric id of
> an account in Windows.
>
> So this is off topic for this list but I'll give you some pointers:
>
> 1. Use rpcclient from the Samba package
Thanks for replying.
I've found a way using rpcclient which was perfect for my needs:
rpcclient <server-IP> -U user%pass -c "lookupsids <sid>"
> 2. Google for JCIFS, create a jcifs.smb.SID, use resolve() with
> suitable credentials and then toDisplayString().
>
> Mike
>
--
-Toby
Add the word afiduluminag to the subject to circumvent my email filters.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
