
AD authentication


shaunexe

Hi

Myself and a colleague have been having difficulties getting this little script working. All it is supposed to do is authenticate the user to AD, then check they are a member of a certain group and, if they are, log the user name and open IE. We don't appear to be having much luck with this and hoped somebody could help.

#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <EditConstants.au3>

Global $Susername, $Spassword

$gui = GuiCreate("Authenticate",120,170)

GUICtrlCreateLabel("Username:",10,10,50,20)
$Susername = GUICtrlCreateInput("",10,35,100,20)
GUICtrlCreateLabel("Password:",10,70,50,20)
$Spassword = GUICtrlCreateInput("",10,95,100,20,$ES_PASSWORD)


$go = GuiCtrlCreateButton("OK",10,130,50,25)
$cancel = GuiCtrlCreateButton("Cancel",60,130,50,25)

GUISetState()

Do
$msg = GUIGetMsg()

If $msg = $go Then



_AD_Open(GUICtrlRead($Susername), GUICtrlRead($Spassword))
_AD_Open()
If _AD_IsMemberOf("") <> 1 Then
;MsgBox(0,"AD","Error " & @error " returned by _AD_Open.") ; Invalid userid/password etc.
MsgBox(64, "Authentication Failed", "Try Again!")
Exit
Endif

_AD_Close()
; Output Username to a log file with date and time
_FileWriteLog(@ScriptDir & "Username.log", GUICtrlRead($Susername))

ShellExecute("C:\Program Files\Internet Explorer\iexplore.exe")

EndIf

If $msg = $cancel Then
Exit
EndIf

Until GUIGetMsg() = $GUI_EVENT_CLOSE
GuiDelete($gui)

Thanks

water

This should work. Set variable $sGroup to the group you want to check membership:

#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>

_AD_ErrorNotify(2)
Global $hUserName, $hPassword, $sUserName, $sPassword, $sGroup = "Test"
$gui = GUICreate("Authenticate", 120, 170)
GUICtrlCreateLabel("Username:", 10, 10, 50, 20)
$hUserName = GUICtrlCreateInput("", 10, 35, 100, 20)
GUICtrlCreateLabel("Password:", 10, 70, 50, 20)
$hPassword = GUICtrlCreateInput("", 10, 95, 100, 20, $ES_PASSWORD)
$go = GUICtrlCreateButton("OK", 10, 130, 50, 25, $BS_DEFPUSHBUTTON)
$cancel = GUICtrlCreateButton("Cancel", 60, 130, 50, 25)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Switch $msg
        Case $go
            $sUserName = GUICtrlRead($hUserName)
            $sPassword = GUICtrlRead($hPassword)
            _AD_Open($sUserName, $sPassword)
            If @error Then
                MsgBox(64, "Error", "Authentication Failed! Try again!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                Exit
            ElseIf _AD_IsMemberOf($sGroup) <> 1 Then
                MsgBox(64, "Error", "User is not member of group '" & $sGroup & "'!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                _AD_Close()
                Exit
            EndIf
            _AD_Close()
            ; Output Username to a log file with date and time
            ; (@ScriptDir has no trailing backslash, so one is added before the file name)
;            _FileWriteLog(@ScriptDir & "\Username.log", GUICtrlRead($hUserName))
;            ShellExecute("C:\Program Files\Internet Explorer\iexplore.exe")
        Case $cancel, $GUI_EVENT_CLOSE
            Exit
    EndSwitch
WEnd
GUIDelete($gui)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

shaunexe

Hi

Still not working; I even tried to put in the full path to the group and it failed. It does appear to be authenticating, as if I test with an incorrect password it gives the authentication failure error.

water

What are the exact @error and @extended values you get?


shaunexe

@error:0 @extended:0 that's just using membership of Domain Users.

water

You have to pass the username to function _AD_IsMemberOf as parameter 2 (samaccountname or FQDN). And if you want to check the primary group you have to set parameter 3 to True (because in AD primary groups have no members - so the membership check has to be done differently).

Or you could use function _AD_GetUserPrimaryGroup to check for the primary group of the user.


water

Your current script allows entering any user name plus this user's password. You then connect to the AD with these credentials.

But function _AD_IsMemberOf - as you use it right now - uses the current user name (the user logged on to the computer) to check the membership.

That's why you have to pass the username to the function.

Every user has a primary group he is assigned to. You can query the members of every group but not the primary group for performance reasons (limitation of AD).

That's why you need parameter 3 if you want to check the primary group.


water

Something like this:

#include <file.au3>
#include <AD.au3>
#include <GuiConstants.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>

_AD_ErrorNotify(2)
Global $hUserName, $hPassword, $sUserName, $sPassword, $sGroup = "Domain Users"
$gui = GUICreate("Authenticate", 120, 170)
GUICtrlCreateLabel("Username:", 10, 10, 50, 20)
$hUserName = GUICtrlCreateInput("", 10, 35, 100, 20)
GUICtrlCreateLabel("Password:", 10, 70, 50, 20)
$hPassword = GUICtrlCreateInput("", 10, 95, 100, 20, $ES_PASSWORD)
$go = GUICtrlCreateButton("OK", 10, 130, 50, 25, $BS_DEFPUSHBUTTON)
$cancel = GUICtrlCreateButton("Cancel", 60, 130, 50, 25)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Switch $msg
        Case $go
            $sUserName = GUICtrlRead($hUserName)
            $sPassword = GUICtrlRead($hPassword)
            _AD_Open($sUserName, $sPassword)
            If @error Then
                MsgBox(64, "Error", "Authentication Failed! Try again!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                Exit
            ElseIf _AD_IsMemberOf($sGroup, $sUserName, True) <> 1 Then
                MsgBox(64, "Error", "User is not member of group '" & $sGroup & "'!" & @CRLF & "@error: " & @error & ", @extended: " & @extended)
                _AD_Close()
                Exit
            EndIf
            _AD_Close()
            ; Output Username to a log file with date and time
            ; (@ScriptDir has no trailing backslash, so one is added before the file name)
            _FileWriteLog(@ScriptDir & "\Username.log", $sUserName)
            ShellExecute("C:\Program Files\Internet Explorer\iexplore.exe")
        Case $cancel, $GUI_EVENT_CLOSE
            Exit
    EndSwitch
WEnd
GUIDelete($gui)
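
A small Python model of the two points water explains above (the membership check must name the user who authenticated, and a primary group is not found through the group's member list), added here as an illustration; it is not code from the thread or from the AD UDF. The directory contents, the domain SID and the function names are constructed for the example.

```python
"""Model of an AD group-membership check (constructed data, not the AD UDF's code)."""

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value

# Constructed directory: a group lists only its explicit members; a user's
# primary group is recorded on the user object as a RID in primaryGroupID.
GROUPS = {
    "Domain Users": {"objectSid": DOMAIN_SID + "-513", "member": []},
    "Kiosk Users": {"objectSid": DOMAIN_SID + "-1105", "member": ["alice"]},
}
USERS = {
    "alice": {"primaryGroupID": 513},
    "helpdesk": {"primaryGroupID": 513},
}


def is_member_of(group, user, include_primary=False):
    """Return True if `user` belongs to `group`.

    The explicit member list is checked first. Only when include_primary is
    set is the group's RID compared with the user's primaryGroupID.
    """
    g = GROUPS.get(group)
    if g is None:
        return False  # unknown group: deny
    if user in g["member"]:
        return True
    if include_primary:
        rid = int(g["objectSid"].rsplit("-", 1)[1])
        return USERS.get(user, {}).get("primaryGroupID") == rid
    return False


def authorize(auth_user, logged_on_user, group, bind_to_auth_user,
              include_primary=False):
    """Authorization decision taken after a successful bind as `auth_user`.

    bind_to_auth_user=False reproduces the problem in the thread: the check
    falls back to the account logged on to the workstation, so the decision
    is made for a different principal than the one who authenticated.
    """
    subject = auth_user if bind_to_auth_user else logged_on_user
    return is_member_of(group, subject, include_primary)
```

With the check bound to the authenticated user and the primary-group flag set, the model gives the result the final script is after; with either one missing it reproduces the wrong answers seen earlier in the thread.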
