patchwolf wrote in php

Authenticating on a Windows domain with IIS

Hey guys,

I'm currently working on a corporate intranet, and I'd like to avoid having users enter two passwords in the morning when they log in. Is there any way to have the intranet authenticate the user based on their windows domain username?

For the record, I'm using php5, and IIS6. The user machines here are a combination of windows flavours, ranging from WinME (only used for a print server -- I can ditch this for intranet access), Windows 2000 (most users), and Windows XP (myself).

I've come across this script:

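<?php
/*
Getting netbios info
CopyLeft 2002 (GNU GPL V2) by polo
*/

error_reporting(E_ALL);

/* get the ip of the client */
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    /* note: this header is supplied by the client or a proxy and is not verified by the server */
    $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
    $ip = $_SERVER["REMOTE_ADDR"];
}
echo 'ip : '.htmlspecialchars($ip).'<br>';

/* send a "special" packet: a NetBIOS node status (NBSTAT) query for the wildcard name */
$fp = fsockopen('udp://'.$ip, 137, $errno, $errstr);
if (!$fp) {
    die('socket error: '.htmlspecialchars($errstr));
}
fwrite($fp, "\x80b\0\0\0\1\0\0\0\0\0\0 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\1");

/* wait 2 secs, and get the data */
socket_set_timeout($fp, 2);
$data = fread($fp, 256);
fclose($fp);

/* get netbios records number (stop if the host did not answer) */
if ($data === false || strlen($data) < 57) {
    die('no netbios answer');
}
$nbrec = ord($data[56]);

/* display netbios records : the username is a record of type 3 */
echo '<table border="1">';
echo '<tr><th>no</th><th>type</th><th>value</th></tr>';
for ($i = 0; $i < $nbrec; $i++) {
    $offset = 18 * $i;
    /* stop at a truncated reply instead of reading past the end of $data */
    if (strlen($data) < 73 + $offset) {
        break;
    }
    /* the names come from the remote host, so escape them before output */
    printf("<tr><td>%02d</td><td>%02X</td><td>%s</td></tr>", $i, ord($data[72 + $offset]), htmlspecialchars(trim(substr($data, 57 + $offset, 15))));
}
echo '</table>';
?>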




It works, but I'm stuck on how to use that in the site (how do I identify that 03 entry which shows the Windows username).

ip : 192.168.49.15

no  type  value
00  00    COMPUTER_NAME
01  00    SYDNEY
02  03    NET_NAME_1
03  20    COMPUTER_NAME
04  1E    SYDNEY
05  03    MYLOGIN



Any suggestions would be appreciated.

EDIT: I need to be able to read the username, so I can pull security levels from a database:

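<?php

// get the username and security level
// $dbc is an ODBC connection opened elsewhere with odbc_connect()
$u = ''; // placeholder: pulled from windows domain
// bind the username as a parameter instead of building it into the SQL string
$sqlquery = 'SELECT * FROM users WHERE Username = ?';
$result = odbc_prepare($dbc, $sqlquery);
odbc_execute($result, array($u));
// odbc_fetch_into() fills a zero-indexed array, so the 7th column is $row[6]
$row = array();
odbc_fetch_into($result, $row);
$access = $row[6];

?>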


EDIT: I think we're getting more into the IIS side of things and less the php, but I'm hoping we can still work through this.

When I disable anonymous login (and thus require NTLM authentication), the users end up having to enter their username & password twice (once to log onto the workstation in the morning, and once to open the intranet site).

Now I'm looking for a way to automate that second authentication. We all know users will grumble and complain if they have to enter the same info in twice...

FINAL EDIT: We've sorted out the problem, thanks to saifatlast. Thank you ALL for your help. This is one of the reasons I love php...
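
Added example, not part of the original post: once anonymous access is disabled as described in the later edits, the account name can be taken from what IIS authenticated instead of from the NetBIOS reply. It assumes IIS passes the standard AUTH_TYPE and AUTH_USER server variables through to $_SERVER; windows_identity() and the sample requests are constructed for illustration.

```php
<?php
// Added example: the identity comes from IIS after Integrated Windows
// Authentication, not from a request header or a UDP reply the client controls.

/**
 * Return array('domain' => ..., 'user' => ...) for an authenticated request,
 * or null when IIS did not authenticate the caller (anonymous access).
 */
function windows_identity(array $server)
{
    $type = isset($server['AUTH_TYPE']) ? strtoupper($server['AUTH_TYPE']) : '';
    $name = isset($server['AUTH_USER']) ? trim($server['AUTH_USER']) : '';

    // Accept only the integrated schemes; an empty AUTH_USER means anonymous.
    if ($name === '' || !in_array($type, array('NTLM', 'NEGOTIATE', 'KERBEROS'), true)) {
        return null;
    }
    if (strpos($name, '\\') !== false) {          // DOMAIN\user
        list($domain, $user) = explode('\\', $name, 2);
    } elseif (strpos($name, '@') !== false) {     // user@domain
        list($user, $domain) = explode('@', $name, 2);
    } else {                                      // bare account name
        $domain = '';
        $user = $name;
    }
    // Windows account names are case-insensitive; normalise before the lookup.
    return array('domain' => strtoupper($domain), 'user' => strtolower($user));
}

// Constructed sample requests (not captured from a real server).
$samples = array(
    array('AUTH_TYPE' => 'NTLM', 'AUTH_USER' => 'SYDNEY\\MYLOGIN'),
    array('AUTH_TYPE' => 'Negotiate', 'AUTH_USER' => 'mylogin@sydney.example'),
    array('AUTH_TYPE' => '', 'AUTH_USER' => ''),  // anonymous access left on
    // A forwarded-for header alone never produces an identity.
    array('AUTH_TYPE' => '', 'AUTH_USER' => '', 'HTTP_X_FORWARDED_FOR' => '192.168.49.15'),
);
foreach ($samples as $s) {
    $id = windows_identity($s);
    echo $id === null ? "anonymous: deny\n" : $id['domain'].' / '.$id['user']."\n";
}
```

The 'user' value returned here is what would be bound as the Username parameter in the security-level query.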