Authentication on remote host not in a domain

Nov 21, 2011 at 5:56 PM
Hello,

when I use the following code snippet:

public static void logonUser(String user, String password){

IWindowsAuthProvider prov = new WindowsAuthProviderImpl();
IWindowsIdentity identity = prov.logonUser(user, password);
System.out.println("User identity: " + identity.getFqn());
for(IWindowsAccount group : identity.getGroups()) {
System.out.println(" " + group.getFqn() + " (" +
group.getSidString() + ")");
}
}

I am able to retrieve local and domain groups from the machine/domain
where this piece of code is executing.

Suppose the machine X is NOT in a domain and the above piece of code (or
similar) is executing on machine Y. Is it possible to retrieve user groups
based on username/password from machine X?

Regards, Milos
Coordinator
Nov 22, 2011 at 12:32 AM

So these are groups that the user belongs to, not just groups on a remote machine. Which one do you want: the user's groups on the remote machine or all groups on a remote machine?

Nov 22, 2011 at 10:28 AM

I want to obtain a list of all user's local groups on a remote machine which does not belong to any domain. The user is not a domain user and the remote machine is in a workgroup.

I give the username, password  and remote machine ip address and the code checks if the user with the specified password exists in local security database of remote machine. If yes the code gives me all local groups this user belongs to.

 

Is this possible?

Coordinator
Nov 22, 2011 at 5:51 PM

Yes.

The IWindowsAuthProvider interface doesn't let you logon to a remote box, but windows LogonUser (which is wrapped by this) does. So either extend the Waffle code a bit or take raw JNA (https://github.com/twall/jna) and copy a bit of code from the Waffle implementation that uses it. That gives you a token on that remote machine that you can use to obtain all this info from.