Re: Login to Novell NetWare from my own GINA DLL
- From: Chuck Chopp <ChuckChopp@xxxxxxxxxxx>
- Date: Wed, 11 May 2005 12:49:46 -0400
BK wrote:
Hi!, this is the situation:
1) We have our own GINA.DLL library for Windows logon. With the aim of connecting to the Novell NetWare server we successfully execute NWDSLogin, NWCCOpenConnByName and NWDSAuthenticateConn, but after the system logon the Novell connection does not last. Any clues, what are we missing?
Hmmm.... There's something tricky about the order in which authentication happens. Your Novell eDirectory credentials are tied to the security context of your session in Windows. If you haven't yet gotten a local logon session [using either local or domain Windows credentials] at the time you do your Novell eDir authentication, you may simply be losing the eDir authentication when the security context changes. One way of demonstrating this is to log on to eDir, map some drive letters to NetWare servers and then use the "Run as..." service/command to launch a program under different Windows credentials; that program will run in a different security context and it won't have any of your mapped drives or eDir authentication state information and it will have to log on to eDir separately.
When you log on to eDir, there's a connection created called the "monitored" connection, which is the connection used purely for eDirectory access and not for file system access. It will show up in MONITOR.NLM's status as having a "*" meaning it's unlicensed. You only need a licensed connection to a server to access print & file services, while pure eDirectory access can be done using an unlicensed connection. The monitored NDS connection is managed by the Novell Client itself, but other connections that you create on your own are fully controlled by your code. So, when I see you referencing making a connection to a server by name and then authenticating that connection, you may be creating an ephemeral connection that doesn't last. I don't see you making reference to the API function that licenses a connection, nor do I see you referring to setting a flag to make the connection permanent, so the connection may easily be disposed of by the client if it detects that nothing is using the connection. The connection may also appear to disappear if the security context changes as discussed earlier.
2) What is the best way to pass the login information from our Gina.dll to Novell Client? Or how can we suppress the logon Novell Client dialog?
Oh... I'm not sure about that one. There's already some GINA chaining going on depending on whether MSGINA.DLL or NWGINA.DLL is set as your primary GINA. IIRC, what happens is that the primary GINA collects the plain-text credentials and then it passes them to each network provider and requests that they be used to perform authentication. If any given network provider can't authenticate the credentials, then that provider's GINA ends up having to present a logon dialog box for the user to respond to. In the case of NWGINA.DLL, it can accept separate sets of credentials for both eDirectory and Windows, but if you don't provide separate Windows credentials then it simply uses the CN value of your eDirectory username and your password as the Windows credentials. If MSGINA.DLL is the primary GINA, then it only accepts Windows credentials and if the Novell Client can't use those to authenticate then it will prompt for the required credentials.
I seem to recall seeing something in the MSDN docs at one point regarding how you tell a network provider to perform a logon, a password change, etc... in a vendor-neutral manner using the network provider API functions & interfaces.
Have you tried directly doing the NWDSLogin() call within your GINA? Does the Novell Client still prompt for credentials or does it acknowledge that you're authenticated to eDirectory at that point?
3) What is the way to change password on Novell server? The example from Novell does not work (using NWCCOpenConnByName and NWChangeObjectPassword).
That's a bindery mode API function, not an eDirectory API function. Take a look at the eDirectory Libraries for C in the Novell Developer Kit [NDK]. Much like the MSDN kit & web site, Novell has an NDK kit & web site that documents all of the API functions available in the Novell Client and on the NetWare server. API functions that are usable on *both* Win32 & NetWare are known as Novell Client XPLAT [Cross Platform] API functions, and in this case, you're interested in the ones with names of the form "NWDS*()".
http://developer.novell.com/ndk is where you start at, and browse to the documentation from there. There are specific functions to be used for setting & changing a password in eDirectory.
-- Chuck Chopp
ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com
RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651
Do not send me unsolicited commercial email.