Blutgerinsel
(Fresh Scripter)
2003-12-24 04:10 PM
Network Ressources Mapping with User Auth

Hello,
I have a Problem with this script only without User Authentifikation it works correctly under administrator account.
I mean there is somewhere a syntax error but where?

Code:

IF instr(@IPADDRESS0,"192") and instr(@IPADDRESS0,"168") and instr(@IPADDRESS0,"5")
IF @userid = 'adm-jack' or @userid = 'jack'
? 'Error '+@ERROR+' - '+@SERROR
USE E: "\\workstat\c$$" /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE F: '\\workstat\d$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE G: '\\workstat\e$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE H: '\\workstat\f$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE I: '\\workstat\g$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE J: '\\workstat\h$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE K: '\\workstat\i$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE L: '\\workstat\l$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE M: '\\workstat\m$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE N: '\\workstat\n$$' /user:adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
ENDIF
Endif



Les
(KiX Master)
2003-12-24 04:18 PM
Re: Network Ressources Mapping with User Auth

Where does the account live that you are using? Is it local to the workstation or a domain account? You might want to try including the domain. Big security risk though to include your password in the script.

Your use of INSTR() in your IF condition is not a good way to go as you could have false positives.


Sealeopard
(KiX Master)
2003-12-24 04:26 PM
Re: Network Ressources Mapping with User Auth

See the TCP/IP Primer in the FAQ Forum on how to parse different subnets.

Where does the script run? You cannot authenticate against the same computer with two different accounts unless one cnnection is made to the computername and the second connections is made to the IP address of the computer.


Blutgerinsel
(Fresh Scripter)
2003-12-24 05:06 PM
Re: Network Ressources Mapping with User Auth

Quote:

See the TCP/IP Primer in the FAQ Forum on how to parse different subnets.

Where does the script run? You cannot authenticate against the same computer with two different accounts




Why I should go to read FAQ abozut Subnet Masks?
I have only one Subnet Mask in my LAN?

The script runs local on clients and are password protected.
Because I haven*t got any server which is still working...

The Client IPs are static addresses too. The Adresses are get from one DHCP Server. The release time are endless...

The Script shows what IP I get and if the conditions are true. The Client are in my home network. If not the script must not mapping anything of my network drive.

Why I should need subnet about this situation?

The Clients are have the same workgroup, no domain....







Sealeopard
(KiX Master)
2003-12-24 05:09 PM
Re: Network Ressources Mapping with User Auth

If you have a workgroup then the user/password must exist on the local computer and you need to prefix the username with the computername.

The TCP/IP Primer shows preferred methods to evaluate whether a specific IPO address is part of a subnet. However, as you have only one subnet, why check this at all?


Blutgerinsel
(Fresh Scripter)
2003-12-24 05:28 PM
Re: Network Ressources Mapping with User Auth

Quote:

If you have a workgroup then the user/password must exist on the local computer and you need to prefix the username with the computername.
The TCP/IP Primer shows preferred methods to evaluate whether a specific IPO address is part of a subnet. However, as you have only one subnet, why check this at all?




The user accounts with the password are exist at all workstations exactly.

I check the IP Adress because if I connect to another network at business network for example I don't need this network ressources and need another proxy settings.

That is the reason why I need this condition.

Have I got any errors in my syntax?

Should I take the name of the workgroup anstead the workstation name????

Plz help me thx


ShaneEP
(MM club member)
2003-12-24 05:31 PM
Re: Network Ressources Mapping with User Auth

Why do 3 differnt InStr's?

Why not just...

Code:
IF instr(@IPADDRESS0,"192.168.  5")



Instead of...

Code:
IF instr(@IPADDRESS0,"192") and instr(@IPADDRESS0,"168") and instr(@IPADDRESS0,"5")



Or like Jens said...Why check subnet at all if there is only one? Is it possible for someone to run your login script if they are not on your subnet?


ShaneEP
(MM club member)
2003-12-24 05:35 PM
Re: Network Ressources Mapping with User Auth

If the adm-jack user is set up locally on all machines then maybe change it from...

Code:
USE E: "\\workstat\c$$" /user:adm-Jack /password:something



To...

Code:
USE E: "\\workstat\c$$" /user:@WkSta\adm-Jack /password:something



As Jens tried pointing out above...


ShaneEP
(MM club member)
2003-12-24 05:40 PM
Re: Network Ressources Mapping with User Auth

Maybe something like this...

Code:
IF instr(@IPADDRESS0,"192.168.  5")
IF @userid = 'adm-jack' or @userid = 'jack'
USE E: "\\workstat\c$$" /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE F: '\\workstat\d$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE G: '\\workstat\e$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE H: '\\workstat\f$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE I: '\\workstat\g$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE J: '\\workstat\h$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE K: '\\workstat\i$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE L: '\\workstat\l$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE M: '\\workstat\m$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
USE N: '\\workstat\n$$' /user:@WkSta\adm-jack /password:something
? 'Error '+@ERROR+' - '+@SERROR
ENDIF
Endif



Les
(KiX Master)
2003-12-24 05:47 PM
Re: Network Ressources Mapping with User Auth

Quote:

Why I should need subnet about this situation?



Using INSTR() on the IP address without breaking it into octets is not very accurate. The occurance of "5" could happen 48 times (0-254) in any octet and since you preclude only two others, it's more like 96 times! Also the "192" and "168" could occur in any of the four octets! With that sort of inaccuracy, what is the point of even checking?

If this is a workgroup and the scripts are local to every machine, what is the point of checking at all? It certainly is not any kind of security except perhaps security by ignorance.


Sealeopard
(KiX Master)
2003-12-24 05:47 PM
Re: Network Ressources Mapping with User Auth

Which i already pointed out, too:
Quote:

If you have a workgroup then the user/password must exist on the local computer and you need to prefix the username with the computername



However, silver-platter-code might illustrate it as well.


ShaneEP
(MM club member)
2003-12-24 06:19 PM
Re: Network Ressources Mapping with User Auth

Hey the boards been slow...I was bored. Besides...If he realizes all of this information can be found in the FAQs and Manuals then he may never post again...And then what would we do around here...

Blutgerinsel
(Fresh Scripter)
2003-12-24 07:33 PM
Re: Network Ressources Mapping with User Auth

Really that this resolution works?

Quote:


USE E: "\\workstat\c$$" /user:@WkSta\adm-Jack /password:something




Unknown username or wrong password have I recieved........


Howard Bullock
(KiX Supporter)
2003-12-24 09:17 PM
Re: Network Ressources Mapping with User Auth

Have not tried but this looks better to me since the workstaion is not an NT domain name.

USE E: "\\workstat\c$$" /user:\\@WkSta\adm-Jack /password:something


Les
(KiX Master)
2003-12-24 09:20 PM
Re: Network Ressources Mapping with User Auth

THis all seems odd to me... logon scripts without a domain. I think the computer name of the computer where the resource is should be on the line, not @WKSTA. Also, if these are admin shares, don't they need to be local admins to use them?

Les
(KiX Master)
2003-12-24 09:37 PM
Re: Network Ressources Mapping with User Auth

Also, there is a hyphen in the username. I bet KiX is trying to do math on it. Who in their right mind would put hyphens in a username?

NTDOCAdministrator
(KiX Master)
2003-12-24 09:49 PM
Re: Network Ressources Mapping with User Auth

Perhaps try something like this

Code:
 USE E: "\\workstat\c$$" /user:@WkSta+"\adm-Jack" /password:something   



NTDOCAdministrator
(KiX Master)
2003-12-24 09:52 PM
Re: Network Ressources Mapping with User Auth

Could also possibly use something like this if you use the NoVarInStrings option.


Debug Off
Break On
Dim $iRC
$iRC=SetOption('Explicit','On')
$iRC=SetOption('NoVarsInStrings','On')

USE E: "\\workstat\c$" /user:"system where account resides" + "\" +"adm-Jack" /password:something
? 'Mapping success: ' + @ERROR + ' '+@SERROR


Les
(KiX Master)
2003-12-24 10:57 PM
Re: Network Ressources Mapping with User Auth

HEHEE
DOC and I were chatting about this on MSN, while DOC was testing some code against one of his servers. A server, I might add that has hyphens in the name. The test code kept returning syntax errors until he wrapped the server name it in quotes. KiX has historically had problems parsing some parms with hyphens and the like so one needs to consider this both when naming objects and later when coding around these objects.


Sealeopard
(KiX Master)
2003-12-25 01:03 AM
Re: Network Ressources Mapping with User Auth

Also, you need to supply the username/password of the account that is on the same computer as the share, thus
Code:

$comp='workstation'
$user='username'
$pass='wassword'
use u: '\\'+$comp+'\c$$' /user:+$comp+'\'+$user /pass:$password



Blutgerinsel
(Fresh Scripter)
2003-12-25 09:27 AM
Re: Network Ressources Mapping with User Auth

So that means I couldn't take some admin ressources or what if I login as admin

I don't understand this contribution any more, what shall I do now in the end?



NTDOCAdministrator
(KiX Master)
2003-12-25 11:28 AM
Re: Network Ressources Mapping with User Auth

Blut,

Why don't you explain a little more in detail exactly what it is you're attempting to do and maybe we can help you better.

1. Does this script run for all users as part of a normal logon script?

2. Do you run this script from your own computer against other computers (ie. a remote Admin Script)?

3. Is this an NT 4.0 Domain, 2000 Active Directory, or a Workgroup?

4. Where are the accounts located? On a Domain or on the local workstation?

5. Do your users have local admin rights on their own systems?

6. Are these NT Admin shares on local computer or are they hidden shares on a resource volume?

7. What version of KiXtart are you using?

8. Do you have Domain Admin rights yourself?

9. Are the systems involved NT 4, 2000, or XP or a mixture?


Please supply this information and we can make a better educated suggestion for you to accomplish the task you want to complete.


Blutgerinsel
(Fresh Scripter)
2003-12-25 11:51 AM
Re: Network Ressources Mapping with User Auth

Quote:

Blut,

Why don't you explain a little more in detail exactly what it is you're attempting to do and maybe we can help you better.





Because English isn't my mother tongue I do relative heavily complex context to explain. So you understand it.
But I try my best one.

1.) The scripts run for all users if they logged in.
2.) The script is currently at all workstations password protected.
3.)This is only a workgroup
4.) The user accounts are at all workstation with the exactly password and username combination.
5.) I have different usergroups with special userrights, but the script must work if a user with admin right logg in or if not an admin. Local Admins have admin rights.
6.) These admin shares are at one of my workstation. c$ mean that is an admin share...
7.) My kixstart version is 2001_422
8.) I haven't got a domain only workgroup
9.) The Operating Systems at all workstations is XP Professional with SP1

I hope this information could help you.
Thank you helping.....


Donald_99a
(Fresh Scripter)
2003-12-25 03:27 PM
Re: Network Ressources Mapping with User Auth

Hi,

As a User you can not connect to a "Admin-Share", like "C$".
I think the best Way is to put the "Everyone" group to the "Administrator" Group of the Ressource you want to connect. Publishing an "Administrator" Password is not the right way.

Greetings...


Blutgerinsel
(Fresh Scripter)
2003-12-25 05:48 PM
Re: Network Ressources Mapping with User Auth

But if I put the everyone group to the admin group that'S impossible because everyone is a guest, too.

Another way is to create any user group who only can connect at the admin share. Administrators and speciel Users can use this admin shares that's the better way.

But at first I need the correct login syntax as user xy with pass xyz then I can create one group with especially users that allowed to use the admin shares.


Sealeopard
(KiX Master)
2003-12-30 03:08 AM
Re: Network Ressources Mapping with User Auth

A) The EVERYONE group should NEVEr be a local adminsitartor.
B) Admin shares require local admin privileges.
C) If a non-admin needs to connect to an admin share then a local admin account MUST be used to map that share.
D) A user cannot authenticate as two different users againstt he same computer unless one used the IP address for the second authntication
E) The answer ahs already been provided to you and is well documented in the KiXtart Manual under USE
Code:

$comp='workstation'
$user='username'
$pass='password'
use u: '\\'+$comp+'\c$$' /user:+$comp+'\'+$user /pass:$password

will map the admin share C$ as drive letter U: using the credentials 'username' with password 'password' of the computer 'workstation'.
F) Having identical admin usernames/passowrds on all computers is a BIG security risk. You might be better off implementing a domain model and assigning proper rights to users. Why do users need to connect to admin shares? Admin shares are for admin purposes and should not be misused for other things.

You might want to read up on basic computer/network security if you want to implement a safe computing environment.


Blutgerinsel
(Fresh Scripter)
2003-12-31 12:27 PM
Re: Network Ressources Mapping with User Auth

I have just create any account by the workstation which are my shares. The drives get new share setting who the new user account can use.

So I use your script and nothing happens.....
At all time if I use the use command with user and password parameters the [censored] does not work.
And with this script works are settings without user and password not.....

I have no idea...damn


Sealeopard
(KiX Master)
2004-01-02 02:36 AM
Re: Network Ressources Mapping with User Auth

Enable eventlog logging and check the eventlogs on the local machines. I can assure youthat USE does work with alternative credentials in both a WORKGROUP and a DOMAIN settings as I am using both.

Please show the latest script you've used.