Active Directory User Authentication

  • Active Directory User Authentication

    So, I've been reading the forum for about an hour now and I've found several threads on this topic but they're all in reference to using plugins for AMS 7.x that are no longer available for AMS 8.x. Does anyone know how, using AMS 8.x, I could authenticate an active directory user for the purpose of signing into my AMS application?

    EDIT: I should also say that my DC is on a Synology NAS. We're using a Windows domain with each workstation running Windows 10 Pro. I don't know if any of this matters for my question but thought I'd include it just in case.
    Last edited by Centauri Soldier; 08-07-2019, 02:55 PM.
    https://github.com/CentauriSoldier

  • #2
    Hi Centauri Soldier,
    Not sure if this helps or is even on the same "track", but just a stab at signing in to NAS from SSH
    SFTP.zip


    • #3
      Uh, nope, not even on the same track, thanks though. My post is about AD and authentication.
      https://github.com/CentauriSoldier


      • #4
        I'm still trying to figure this one out. Does anyone know if it could be done with the WinAPI plugin or maybe some kind of dll?
        https://github.com/CentauriSoldier


        • #5
          If your Synology NAS is connected to Microsoft Azure AD Domain Services (see here), then you could build an action plugin with Chilkat and get an access token. Most likely this would be overkill.
          What about attempting to use LogonUserA()? It doesn't look too complicated, you should be able to write a quick DLL for this.

          Ulrich


          • #6
            Originally posted by Ulrich
            If your Synology NAS is connected to Microsoft Azure AD Domain Services (see here), then you could build an action plugin with Chilkat and get an access token. Most likely this would be overkill.
            What about attempting to use LogonUserA()? It doesn't look too complicated, you should be able to write a quick DLL for this.

            Ulrich
            It might even be possible with MemoryEx - however I've never done domain authentication.
            Bas Groothedde
            Imagine Programming :: Blog

            AMS8 Plugins
            IMXLH Compiler


            • #7
              If you have access to a PC on the domain, check the USERDOMAIN or USERDNSDOMAIN environment variables, this should hold the domain name which you can use in the call. You can also check the computer properties, where you can find the PC name, and OS info. The username and password will need to be provided, and the LogonType most likely set to LOGON32_LOGON_BATCH. With this, you should be able to call LogonUser() and perform a basic credential test...

              Ulrich
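
One way to run the credential test described in the post above, written as PowerShell with an inline P/Invoke wrapper (an added example, not code from the thread). It assumes the Unicode LogonUserW variant and LOGON32_LOGON_NETWORK in place of the batch logon type suggested in the post, since the network type exists for validating plaintext passwords and does not cache them; the names Demo.Logon, Check and Test-DomainCredential are made up for the example.

```powershell
# Added example: credential check through LogonUserW.
# The C# wrapper keeps the token handle and the GetLastError read next to the native call.
Add-Type -Namespace Demo -Name Logon -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern bool LogonUserW(string user, string domain, string password,
                              int logonType, int logonProvider, out IntPtr token);

[DllImport("kernel32.dll")]
static extern bool CloseHandle(IntPtr handle);

const int LOGON32_LOGON_NETWORK    = 3;  // validates a plaintext password; credentials are not cached
const int LOGON32_PROVIDER_DEFAULT = 0;

// Returns 0 when the credentials are accepted, otherwise the Win32 error code.
public static int Check(string user, string domain, string password)
{
    IntPtr token;
    if (!LogonUserW(user, domain, password, LOGON32_LOGON_NETWORK,
                    LOGON32_PROVIDER_DEFAULT, out token))
        return Marshal.GetLastWin32Error();
    CloseHandle(token);   // on success the caller owns the token and must close it
    return 0;
}
'@

function Test-DomainCredential {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][securestring]$Password
    )
    # Convert the SecureString to plain text only for the duration of the call.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $code  = [Demo.Logon]::Check($UserName, $Domain, $plain)
    [pscustomobject]@{
        Valid      = ($code -eq 0)
        Win32Error = $code     # 1326 = ERROR_LOGON_FAILURE (unknown user or bad password)
    }
}

# The domain is taken from the USERDOMAIN variable mentioned in the post above.
# The password is prompted for rather than passed as a command-line argument,
# so it does not show up in process listings or command-line audit logs.
Test-DomainCredential -Domain $env:USERDOMAIN `
    -UserName (Read-Host 'User name') `
    -Password (Read-Host 'Password' -AsSecureString)
```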


              • #8
                Ulrich
                The NAS is not connected to MS Azure. We opted, since we're a very small non-profit, to use the built-in AD service and not extend beyond that. Anything more involved, I fear, would be over-complicating things within our operation.

                I've just read the API docs for LogonUserA() and it looks promising. I'll do some testing to see if I can get it to work. Thanks for the suggestion.

                @Bas
                That's a very powerful plugin, I'm sure it could; however, I'm not sure I'd know where to start with it.



                EDIT: I've tried a few calls to the dll but am not getting anything returned.
                Here's my code, do you see any errors here?

                PHP Code:
                local sParameters = [["USERNAME","MMSC.ORG","PW",2,0,""]];
                local nReturn = DLL.CallFunction("C:\Windows\System32\advapi32.dll", "LogonUserA", sParameters, DLL_RETURN_TYPE_INTEGER, DLL_CALL_STDCALL);
                I've tried variations of it too. E.g., I've changed the call type, set the last parameter to nil, etc. I'm getting nothing back in the return.

                Never mind, noob mistake. I've been coding in Java for like 2 years and haven't touched Lua much. So, as you can see, I didn't escape my backslashes. Okay, now to go try out the function for real :P.
                Last edited by Centauri Soldier; 12-31-2019, 01:33 PM.
                https://github.com/CentauriSoldier


                • #9
                  Okay, it works! Thanks, you guys.
                  https://github.com/CentauriSoldier


                  • #10
                    I have one more question.

                    I've been looking through the advapi32.dll and doing internet searches as well but haven't found what I'm looking for.
                    I'm trying to determine what groups the user belongs to and (if possible) gather other account info such as full name, email etc. Is there a function(s) that could provide that info through an AD query?
                    https://github.com/CentauriSoldier


                    • #11
                      I know that you can see which groups an account is a member of in dsa.msc (Active Directory Users and Computers), but I have no clue how this can be retrieved via some DLL. There is a way using PowerShell with Get-ADGroupMembership. What I have done in the past was running a PowerShell script (for retrieving another kind of information, from Exchange) via File.Run(), writing its output to a text file, then reading the results back in Lua. Yes, I know - it is not very elegant, but it works fine.

                      Ulrich


                      • #12
                        Does NetUserGetGroups do what you need? It's in Netapi32.dll. It also has a function called NetUserGetLocalGroups, for the system local groups.
                        Bas Groothedde

                        • #13
                          @Bas
                          It looks like that command requires some memory pointers and I don't think I can create those with a simple cmd/powershell command. Otherwise, that would be a great solution. It covers everything I need but is better used in C I think. When I tried null command entries, it crashed the program. It's also very possible I just don't know what I'm doing when trying to implement this solution lol.

                          @Ulrich
                          That requires a specific module installed so I can't guarantee it will work across every system on the domain; however, your text file write/parse solution still works if I use the net user /domain xxxx command.

                          Thanks again, guys, you've been most helpful... problem solved.

                          In fact, I think I'll write a little plugin for simple AD operations.
                          Last edited by Centauri Soldier; 01-03-2020, 01:24 PM.
                          https://github.com/CentauriSoldier
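
The parse step of the `net user /domain` approach from the post above, as an added PowerShell example that is not the poster's plugin code. The sample output is constructed, the function name ConvertFrom-NetUserOutput is hypothetical, and the field labels assume English-language Windows because net.exe localizes them.

```powershell
# Constructed sample of `net user jdoe /domain` output (English-language Windows).
$sample = @'
The request will be processed at a domain controller for domain example.test.

User name                    jdoe
Full Name                    Jane Doe
Account active               Yes
Local Group Memberships
Global Group memberships     *Domain Users         *Staff
                             *Media Team
The command completed successfully.
'@

function ConvertFrom-NetUserOutput {
    param([Parameter(Mandatory)][string[]]$Lines)
    $info = [ordered]@{ UserName = $null; FullName = $null; Active = $null; GlobalGroups = @() }
    $inGroups = $false
    foreach ($line in $Lines) {
        $rest = $null
        if ($line -match '^Global Group memberships\s*(.*)$') {
            $inGroups = $true
            $rest = $Matches[1]
        } elseif ($inGroups -and $line -match '^\s+(\*.*)$') {
            $rest = $Matches[1]              # continuation row of the group table
        } else {
            $inGroups = $false
            if     ($line -match '^User name\s+(.+)$')      { $info.UserName = $Matches[1].Trim() }
            elseif ($line -match '^Full Name\s+(.+)$')      { $info.FullName = $Matches[1].Trim() }
            elseif ($line -match '^Account active\s+(.+)$') { $info.Active = ($Matches[1].Trim() -eq 'Yes') }
        }
        if ($rest) {
            # Entries are prefixed with '*'; names may contain spaces, so split on '*' only.
            $info.GlobalGroups += @($rest -split '\*' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    [pscustomobject]$info
}

# Real use, with the account name validated before it reaches net.exe:
#   if ($name -notmatch '^[\w.-]{1,20}$') { throw 'invalid account name' }
#   $user = ConvertFrom-NetUserOutput -Lines (net.exe user $name /domain)
$user = ConvertFrom-NetUserOutput -Lines ($sample -split '\r?\n')

# Authorize on an exact group name and an active account, not on a substring of the text file.
$allowed = $user.Active -and ($user.GlobalGroups -contains 'Staff')
```

net.exe prints group names in fixed-width columns and shortens long ones, so an exact-match check against a long group name can miss; treat output that fails to parse as a denial rather than as an empty group list that still lets the user in.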


                          • #14
                            Hi Centauri Soldier,
                            The way I authenticate users with Active Directory/LDAP is to use PowerShell with a number of tools; this works great within AutoPlay Media Studio.
                            I have attached an example of how to do user authentication, tested with a Windows Server 2012/2019 domain and a Windows 10 client. It works by using the LUACOM module that is included with the example to connect to the PowerShell COM object via ActiveXPoshV3.
                            The prerequisites needed:
                            1. LUACOM DLL module – Included
                            2. Wow64 Action Plugin from Mindquake (this is needed to help temporarily change the PowerShell policy and then restore it when we have finished): https://www.mindquake.com.br/softwar...ugins/14-wow64
                            3. ActiveXPoshV3: this allows you to create a COM object for PowerShell. Go to https://www.sapien.com/ and create a free account; when you have created an account, go to https://www.sapien.com/downloads#Free%20Components/. On this page you will see a window on the left; go to Free Components and download the correct version of ActiveXPoshV3. When installed you will need to register the DLLs. I have a button in the example called “Register DLL (.Net Fix)”; run this first and it will register the DLLs.

                            • #15
                              Hey Super, thanks for the reply and info. I've managed to sort the problem out though. I'm doing it using the command line. I've also created a plugin for it, you can find it on my site.
                              Last edited by Centauri Soldier; 01-31-2020, 12:44 PM.
                              https://github.com/CentauriSoldier
