[Zope] NT User Folder - No Domain support?

Chris McDonough chris@iqgroup.com
Wed, 20 Oct 1999 12:48:14 -0400


 Hmmm... I dont think this method is going to work.  The
win32security.LogonUser function doesn't allow you to authenticate to a
remote computer.  From the docs:

--- begin docs ---

win32security.LogonUser

PyHANDLE = LogonUser( userName, domain , password , logonType ,
logonProvider )
Attempts to log a user on to the local computer, that is, to the computer
from which LogonUser was called. You cannot use LogonUser to log on to a
remote computer.

Parameters

userName : string

The name of the user account to log on to.

domain : string

The name of the domain, or None for the current domain

password : string

The password to use.

logonType : int

Specifies the type of logon operation to perform.  Must be a combination of
the LOGON32_LOGON* constants.

logonProvider : int

Specifies the logon provider to use.

--- end docs ---

I am still trying to find the call to do a username/password lookup to a
remote machine.

-----Original Message-----
From: Toby Dickenson
To: 'Ian Blenke'; Toby Dickenson
Cc: zope@zope.org
Sent: 10/20/99 2:32 AM
Subject: RE: [Zope] NT User Folder - No Domain support?

Hmmmm. Are you running Zope in the local system account (ie the default
account for a service?)

That account does not have rights to access a network, so probably can
not
authenticate against the domain controller. Try switching to the account
of
a user in the domain, and remember to give that user the 'Act as part of
the
operating system' permission.

If I think of anything else, Ill let you know in another 24 hours ;-)

-----Original Message-----
From: Ian Blenke [mailto:icblenke@2c2.com]
Sent: 19 October 1999 22:23
To: 'Toby Dickenson'
Cc: zope@zope.org
Subject: RE: [Zope] NT User Folder - No Domain support?


On Oct 19, 1999, Toby Dickenson wrote:

> You can fix this by making some changes to the NTUserFolder source:
> 
> 1. Change the first parameter from None to the name of a DC, in the
calls
to
>    NetUserEnum and NetUserGetInfo
> 
> 2. Change the second parameter from "." to the name of a DC, in the
call
to
>    LogonUser
> 
> That looks like it should work, but it is untested.

You had me convinced :) Unfortunately, this doesn't seem to work. I've
tried
using the PDC and multiple BDCs, uppercase and lowercase names, and
using
our domain name instead of a hostname - no joy. 

Time for me to dig a little deeper into the win32 extensions :)

> A question for anyone else using NTUserFolder.... Would it be
appropriate
to
> change the default to authenticate in the domain?

It might be nice to add a "domainname" field to the addForm - perhaps
with
a checkbox to flag "use local SAM only" or some such workaround.

 - Ian C. Blenke <icblenke@2c2.com> <ian@blenke.com>


_______________________________________________
Zope maillist  -  Zope@zope.org
http://www.zope.org/mailman/listinfo/zope

(Related lists - please, no cross posts or HTML encoding!

To receive general Zope announcements, see:
http://www.zope.org/mailman/listinfo/zope-announce

For developer-specific issues, zope-dev@zope.org -
http://www.zope.org/mailman/listinfo/zope-dev )