Announcement

**charliechaps** · 08-07-2019, 02:14 PM

Hi Centauri Soldier ,
Not sure if this helps or is even on the same "track", but just a stab at signing in to NAS from SSH
SFTP.zip

**Centauri Soldier** · 08-08-2019, 09:37 AM

Uh, nope, not even on the same track, thanks though. My post is about AD and authentication.

**Centauri Soldier** · 12-27-2019, 03:07 PM

I'm still trying to figure this one out. Does anyone know if it could be done with the WinAPI plugin or maybe some kind of dll?

**Ulrich** · 12-27-2019, 04:34 PM

If your Synology NAS is connected to Microsoft Azure AD Domain Services (see here), then you could build an action plugin with Chilkat and get an access token. Most likely this would be overkill.
What about attempting to use LogonUserA()? It doesn't look too complicated, you should be able to write a quick DLL for this.

Ulrich

**Imagine Programming** · 12-30-2019, 06:08 AM

Originally posted by Ulrich View Post

If your Synology NAS is connected to Microsoft Azure AD Domain Services (see here), then you could build an action plugin with Chilkat and get an access token. Most likely this would be overkill.
What about attempting to use LogonUserA()? It doesn't look too complicated, you should be able to write a quick DLL for this.

Ulrich

It might even be possible with MemoryEx - however I've never done domain authentication.

**Ulrich** · 12-30-2019, 08:26 AM

If you have access to a PC on the domain, check the USERDOMAIN or USERDNSDOMAIN environment variables, this should hold the domain name which you can use in the call. You can also check the computer properties, where you can find the PC name, and OS info. The username and password will need to be provided, and the LogonType most likely set to LOGON32_LOGON_BATCH. With this, you should be able to call LogonUser() and perform a basic credential test...

Ulrich

**Centauri Soldier** · 12-31-2019, 11:38 AM

Ulrich
The NAS is not connected to MS Azure. We opted, since we're a very small non-profit, to use the built-in AD service and not extend beyond that. Anything more involved, I fear, would be over-complicating things within our operation.

I've just read the API docs for LongUserA() and it looks promising. I'll do some testing to see if I can get it to work. Thanks for the suggestion.

@Bas
That's a very powerful plugin, I'm sure it could; however, I'm not sure I'd know where to start with it.

EDIT: I've tried a few calls to the dll but am not getting anything returned.
Here's my code, do you see any errors here?

PHP Code:


local sParameters = [["USERNAME","MMSC.ORG","PW",2,0,""]];
local nReturn = DLL.CallFunction("C:\Windows\System32\advapi32.dll", "LogonUserA", sParameters, DLL_RETURN_TYPE_INTEGER, DLL_CALL_STDCALL);

I've tried variations of it too. E.g., I've changed the call type, set the last parameter to nil, etc. I'm getting nothing back in the return.

Nevermind, noob mistake. I've been coding in Java for like 2 years and haven't touched lua much. So, as you can see, I didn't escape my backslashes. Okay, now to go try out the function for real :P.

**Centauri Soldier** · 12-31-2019, 12:39 PM

Okay, it works! Thanks you guys.

**Centauri Soldier** · 12-31-2019, 01:29 PM

I have one more question.

I've been looking through the advapi32.dll and doing internet searches as well but haven't found what I'm looking for.
I'm trying to determine what groups the user belongs to and (if possible) gather other account info such as full name, email etc. Is there a function(s) that could provide that info through an AD query?

**Ulrich** · 12-31-2019, 02:30 PM

I know that you can see which groups an account is a member of in dsa.msc (Active Directory Users and Computers), but I have no clue how this can be retrieved via some DLL. There is a way using Powershell with Get-ADGroupMembership. What I have done in the past was running a Powershell script (for retrieving another kind of information, from Exchange) via File.Run(), writing its output to a text file, then reading the results back in Lua. Yes, I know - it is not very elegant, but it works fine.

Ulrich

**Imagine Programming** · 01-02-2020, 05:09 PM

Does NetUserGetGroups do what you need? It's in Netapi32.dll. It also has a function called NetUserGetLocalGroups, for the system local groups.

**Centauri Soldier** · 01-03-2020, 11:39 AM

@Bas
It looks like that command requires some memory pointers and I don't think I can create those with a simple cmd/powershell command. Otherwise, that would be a great solution. It covers everything I need but is better used in C I think. When I tried null command entries, it crashed the program. It also very possible I just don't know what I'm doing when trying to implement this solution this lol.

@Ulrich
That requires a specific module installed so I can't guarantee it will work across every system on the domain; however, your text file write/parse solution still works if I use the net user /domain xxxx command.

Thanks again, guys, you've been most helpful...problem solved

.

In fact, I think I'll write a little plugin for simple AD operations.

**SupperBin** · 01-12-2020, 04:36 PM

Hi Centauri Soldier,
The way I Authentication user with active directory/LDAP is to use PowerShell and with a number of tools, this works great within AutoPlay Media Studio.
I have attached an example of how to do users authentication, tested with windows server 2012/2019 domain and windows 10 client. This works via using LUACOM module that is included with the example to connect to PowerShell Com Object via ActiveXPoshV3.
The prerequires need:

LUACOM DLL module – Included

Wow64 Action Plugin from Mindquake: (this is need to help temporally change the PowerShell policy and then resort when we have finished. https://www.mindquake.com.br/softwar...ugins/14-wow64

ActiveXPoshV3 this allows you to use to create an com object to PowerShell, goto https://www.sapien.com/ and create an free account, when you have created an account then go to: https://www.sapien.com/downloads#Free%20Components/ on this page you will see an windows on the left go to Free Components and download the correct version of ActiveXPoshV3. When installed you will need to register the DLL’s, I have an button in the example called “Register DLL (.Net Fix)” run this first and it will register the dll’s.

Attached Files

AD Login.apz (155.1 KB, 21 views)

**Centauri Soldier** · 01-13-2020, 11:43 AM

Hey Super, thanks for the reply and info. I've mananged to sort the problem out though. I'm doing it using the command line. I've also created a plugin for it, you can find it on my site.

Announcement

Active Directory User Authentication

Active Directory User Authentication

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment