[Zope] Authenticating against NT domain from NT-based Zope

Ian Sealy Ian.Sealy@bristol.ac.uk
Thu, 15 Mar 2001 15:01:59 +0000 (GMT)


Dear all,

Is anyone running Zope on WinNT and authenticating against an NT domain?
If so, how?!

I'm running Zope on a WinNT box that's not a PDC or BDC for its domain.
I want to authenticate users against this domain. My ideal solution
would be to strip out the authentication code from jcNTUserFolder or
NTUserFolder and put it in smbUserFolder, because I can easily generate
lists of users and don't need to query a DC to get them.

But I can't get the authentication to work, even if I have a simple
script like this:

swhome=r'C:\Program Files\Zope'
import sys
sys.path.insert(0, '%s/lib/python' % swhome)
sys.path.insert(1, '%s/bin/lib' % swhome)
sys.path.insert(2, '%s/bin/lib/plat-win' % swhome)
sys.path.insert(3, '%s/bin/lib/win32' % swhome)
sys.path.insert(4, '%s/bin/lib/win32/lib' % swhome)
sys.path.insert(5, '%s' % swhome)
import win32security
token=win32security.LogonUser('Administrator','DORNIER','xxxxxx',win32security.LOGON32_LOGON_NETWORK,win32security.LOGON32_PROVIDER_DEFAULT)

Where DORNIER is the local machine and Administrator is running the
script and has the "Access this computer from the network" and "Act as
part of the operating system" rights.

The error I get is:

pywintypes.api_error: (1314, 'LogonUser', ' A required privilege is not
held by the client.')

What am I doing wrong? Can anybody point me towards some documentation
for win32security? Can anyone point me to some documentation for the
win32security.NetUserChangePassword function mentioned by Chris
McDonough at
http://classic.zope.org/pipermail/zope/1999-October/013032.html ?

Cheers,
Ian