[Zope] NT User Folder - No Domain support?
Chris McDonough
chris@iqgroup.com
Wed, 20 Oct 1999 12:48:14 -0400
Hmmm... I dont think this method is going to work. The
win32security.LogonUser function doesn't allow you to authenticate to a
remote computer. From the docs:
--- begin docs ---
win32security.LogonUser
PyHANDLE = LogonUser( userName, domain , password , logonType ,
logonProvider )
Attempts to log a user on to the local computer, that is, to the computer
from which LogonUser was called. You cannot use LogonUser to log on to a
remote computer.
Parameters
userName : string
The name of the user account to log on to.
domain : string
The name of the domain, or None for the current domain
password : string
The password to use.
logonType : int
Specifies the type of logon operation to perform. Must be a combination of
the LOGON32_LOGON* constants.
logonProvider : int
Specifies the logon provider to use.
--- end docs ---
I am still trying to find the call to do a username/password lookup to a
remote machine.
-----Original Message-----
From: Toby Dickenson
To: 'Ian Blenke'; Toby Dickenson
Cc: zope@zope.org
Sent: 10/20/99 2:32 AM
Subject: RE: [Zope] NT User Folder - No Domain support?
Hmmmm. Are you running Zope in the local system account (ie the default
account for a service?)
That account does not have rights to access a network, so probably can
not
authenticate against the domain controller. Try switching to the account
of
a user in the domain, and remember to give that user the 'Act as part of
the
operating system' permission.
If I think of anything else, Ill let you know in another 24 hours ;-)
-----Original Message-----
From: Ian Blenke [mailto:icblenke@2c2.com]
Sent: 19 October 1999 22:23
To: 'Toby Dickenson'
Cc: zope@zope.org
Subject: RE: [Zope] NT User Folder - No Domain support?
On Oct 19, 1999, Toby Dickenson wrote:
> You can fix this by making some changes to the NTUserFolder source:
>
> 1. Change the first parameter from None to the name of a DC, in the
calls
to
> NetUserEnum and NetUserGetInfo
>
> 2. Change the second parameter from "." to the name of a DC, in the
call
to
> LogonUser
>
> That looks like it should work, but it is untested.
You had me convinced :) Unfortunately, this doesn't seem to work. I've
tried
using the PDC and multiple BDCs, uppercase and lowercase names, and
using
our domain name instead of a hostname - no joy.
Time for me to dig a little deeper into the win32 extensions :)
> A question for anyone else using NTUserFolder.... Would it be
appropriate
to
> change the default to authenticate in the domain?
It might be nice to add a "domainname" field to the addForm - perhaps
with
a checkbox to flag "use local SAM only" or some such workaround.
- Ian C. Blenke <icblenke@2c2.com> <ian@blenke.com>
_______________________________________________
Zope maillist - Zope@zope.org
http://www.zope.org/mailman/listinfo/zope
(Related lists - please, no cross posts or HTML encoding!
To receive general Zope announcements, see:
http://www.zope.org/mailman/listinfo/zope-announce
For developer-specific issues, zope-dev@zope.org -
http://www.zope.org/mailman/listinfo/zope-dev )