开发者

Finding authenticated Windows user remotely with Linux

开发者 https://www.devze.com 2023-02-15 16:10 出处:网络
I\'m working on a project that needs to deter开发者_运维百科mine the username currently logged into a Windows workstation from a Linux client. The Linux client has the IP address / hostname of the wor

I'm working on a project that needs to deter开发者_运维百科mine the username currently logged into a Windows workstation from a Linux client. The Linux client has the IP address / hostname of the workstation, and can potentially access the Active Directory domain controller, but has nothing else.

I understand that the "psloggedon \hostname" utility from Windows would do the job, but I'm looking for a Linux/Unix alternative.

Any suggestions?


This is the script I'm using. It requires Samba, i think at least version 3.x, it only asks for domain admin password once per run, not really secure but its better than hardcoding into the script.

#!/bin/bash
ADMIN_USER='DOMAIN_NAME\Administrator'
DOMAIN_CONTROLLER='hostname.of.domain.controller'
#

die () {
        echo >&2 "$@"
            exit 1
}

# Die if computer name missing
[ "$#" -eq 1 ] || die "Usage: loggedon <computer>"
COMPUTER=$1
# Store domain admin password in a variable to avoid asking every time.
read -s -p "Please provide domain administrator password: " ADMIN_PASSWORD
echo
# Store all sids logged on $COMPUTER inside an array
# Notice I'm using PASSWD= environement variable to push the admin password
# to net command, this way it won't ask for it.
#
SIDs=(`PASSWD=$ADMIN_PASSWORD /usr/bin/net rpc registry enumerate 'HKEY_USERS' -S $COMPUTER -U $ADMIN_USER | grep _Classes | cut -d '=' -f2 | sed 's/ //g'`)
if [ "${#SIDs[@]}" -gt 0 ]; then
    printf "Found %s logged on $COMPUTER\n" "${SIDs[@]}"
    echo
    # Retrieves CommonName attribute from DC for each SID
    for i in "${SIDs[@]}"
    do
        :           
        RAW_USER=`PASSWD=$ADMIN_PASSWORD net ads sid -S $DOMAIN_CONTROLLER -U Administrator $i`
            #RAW_USER contains all attributes from ldap, we need to clean it first
        USER=`echo $RAW_USER | egrep -o 'cn: (.+)sn:' | sed -e 's/sn\://g'`
        echo "$USER is logged on $COMPUTER"
    done
else
    echo Nobody is logged on $COMPUTER
fi
0

精彩评论

暂无评论...
验证码 换一张
取 消