Vincent Le Toux
2020-Oct-12 13:09 UTC
[Samba] Lookup sid with libsmbclient (invoked from c# on mono)
I'm trying to port PingCastle (which is an AD audit tool - https://www.pingcastle.com/download) from Windows to Linux. The program being written in c#, I've no other solution than calling native libraries. (the mono framework is missing critical components) It uses SMB / LDAP / RPC calls to collect its information. Here is the current state: LDAP: openldap with simplebind (no benefit yet of winbind) => OK RPC: smbclient for finding a DC, work in progress to resolve SID (found in security descriptors) => WIP SMB: not tested yet => WIP Right now, I'm stuck at resolving SID and I'm looking for a practical solution. br Vincent Le lun. 12 oct. 2020 ? 14:06, Rowland penny via samba <samba at lists.samba.org> a ?crit :> On 12/10/2020 12:57, Vincent Le Toux via samba wrote: > > Thanks Aur?lien > > > > Can you point to me how I can start LDAP connection using winbind ? > > I'm using ldap_simple_bind so far so there is no use of winbind in it. > > > > I'll be happy also if you can point me to the winbind API where you can > > input login / password > > I have no idea just what you are hoping to achieve, but it is seemingly > possible without authentication as 'wbinfo -n ACCOUNT_NAME' returns the > accounts SID. So try looking at the wbinfo code. > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- --- Vincent
Rowland penny
2020-Oct-12 13:46 UTC
[Samba] Lookup sid with libsmbclient (invoked from c# on mono)
On 12/10/2020 14:09, Vincent Le Toux wrote:> I'm trying to port PingCastle (which is an AD audit tool - > https://www.pingcastle.com/download) from Windows to Linux. > The program being written in c#, I've no other solution than calling > native libraries. > (the mono framework is missing critical components) > > It uses SMB / LDAP / RPC calls to collect its information. > Here is the current state: > LDAP: openldap with simplebind (no benefit yet of winbind) => OK > RPC: smbclient for finding a DC, work in progress to resolve SID > (found in security descriptors) => WIP > SMB: not tested yet => WIP > > Right now, I'm stuck at resolving SID and I'm looking for a practical > solution. >Are you trying to get the domain SID ? This is obtainable via ldap (unfortunately only easily readable using ldbsearch): ldbsearch -H ldap://dc01 -b "DC=samdom,DC=example,DC=com" -s base objectSid Where 'DC=samdom,DC=example,DC=com' is the defaultNamingContex Rowland
Vincent Le Toux
2020-Oct-12 13:51 UTC
[Samba] Lookup sid with libsmbclient (invoked from c# on mono)
Not only the domain SID, but a LOT of SID ... Basically I'm using it to analyze the ntsecuritdescriptor attribute (and not only it) br Vincent Le lun. 12 oct. 2020 ? 15:47, Rowland penny via samba <samba at lists.samba.org> a ?crit :> On 12/10/2020 14:09, Vincent Le Toux wrote: > > I'm trying to port PingCastle (which is an AD audit tool - > > https://www.pingcastle.com/download) from Windows to Linux. > > The program being written in c#, I've no other solution than calling > > native libraries. > > (the mono framework is missing critical components) > > > > It uses SMB / LDAP / RPC calls to collect its information. > > Here is the current state: > > LDAP: openldap with simplebind (no benefit yet of winbind) => OK > > RPC: smbclient for finding a DC, work in progress to resolve SID > > (found in security descriptors) => WIP > > SMB: not tested yet => WIP > > > > Right now, I'm stuck at resolving SID and I'm looking for a practical > > solution. > > > Are you trying to get the domain SID ? This is obtainable via ldap > (unfortunately only easily readable using ldbsearch): > > ldbsearch -H ldap://dc01 -b "DC=samdom,DC=example,DC=com" -s base objectSid > > Where 'DC=samdom,DC=example,DC=com' is the defaultNamingContex > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- --- Vincent
Maybe Matching Threads
- Lookup sid with libsmbclient (invoked from c# on mono)
- Lookup sid with libsmbclient (invoked from c# on mono)
- Lookup sid with libsmbclient (invoked from c# on mono)
- Lookup sid with libsmbclient (invoked from c# on mono)
- Lookup sid with libsmbclient (invoked from c# on mono)