Getting a Windows username from an SID with Kerberos

John Jasen jjasen at realityfailure.org
Fri Oct 9 10:38:12 EDT 2009


Toby Newman wrote:
> I am running Linux in a corporate windows environment.
> 
> I need to convert user's Active Directory security identifiers (SIDs)
> to usernames, for example S-1-5-21-484763869-1275210071-682003330-34567
> to mydomain\jbloggs.
> 
> There are a few Windows tools that do this like SIDDecode and
> SidToName, but they don't work under wine.
> 
> I've been reading about Kerberos and it seems it may be
> possible to achieve this. Does anyone here know how?

As someone else mentioned, kerberos has nothing to do with this.

What are you trying to accomplish? Plugging the linux system into Active
Directory? Or are you trying to convert Windows accounts to local UNIX
accounts? Or something else?

As a one time thing, you should be able to do an ldapsearch against AD
with the SID, and return the principalname or some other useful field.


-- 
-- John E. Jasen (jjasen at realityfailure.org)
-- No one will sorrow for me when I die, because those who would
-- are dead already. -- Lan Mandragoran, The Wheel of Time, New Spring



More information about the Kerberos mailing list