Getting a Windows username from an SID with Kerberos

Toby Newman google at asktoby.com
Mon Oct 12 09:00:01 EDT 2009


On 2009-10-08, Michael B Allen <ioplex at gmail.com> wrote:
> On Thu, Oct 8, 2009 at 5:31 AM, Toby Newman <google at asktoby.com> wrote:
>> I am running Linux in a corporate windows environment.
>>
>> I need to convert user's Active Directory security identifiers (SIDs)
>> to usernames, for example S-1-5-21-484763869-1275210071-682003330-34567
>> to mydomain\jbloggs.
>>
>> There are a few Windows tools that do this like SIDDecode and
>> SidToName, but they don't work under wine.
>>
>> I've been reading about Kerberos and it seems it may be
>> possible to achieve this. Does anyone here know how?
>
> Hi Toby,
>
> Kerberos has nothing to do with SIDs. SIDs are just the numeric id of
> an account in Windows.
>
> So this is off topic for this list but I'll give you some pointers:
>
>   1. Use rpcclient from the Samba package

Thanks for replying.
I've found a way using rpcclient which was perfect for my needs:
rpcclient <server-IP> -U user%pass -c "lookupsids <sid>" 

>   2. Google for JCIFS, create a jcifs.smb.SID, use resolve() with
> suitable credentials and then toDisplayString().
>
> Mike
>


-- 
-Toby
Add the word afiduluminag to the subject to circumvent my email filters.



More information about the Kerberos mailing list