zakird / pyad

Python Active Directory Tools | *Not actively maintained*
http://zakird.github.io/pyad/

Unable to authenticate #28

Open greeny88 opened 10 years ago

greeny88 commented 10 years ago

I've created a script to pull information out of my default AD with no problem. I've now pointed to a different AD using this code.

    pyad.set_defaults(ldap_server=u'bar.example.com', username=u'username', password=u'password')

But I am getting this error when the script is run.

    Traceback (most recent call last):
      File "C:\path\to\file.py", line 168, in <module>
        main()
      File "C:\path\to\file.py", line 25, in main
        q = adquery.ADQuery()
      File "build\bdist.win32\egg\pyad\adquery.py", line 32, in __init__
      File "C:\Python27\lib\site-packages\win32com\client\dynamic.py", line 576, in __setattr__
        raise AttributeError("Property '%s.%s' can not be set." % (self._username_, attr))
    AttributeError: Property '.value' can not be set.

I've tested using other tools and I do have access to that AD using the same server/login combo. Another thing I've tried is connecting to my default AD using credentials to see if I get the same error and I in fact do.

Is this a bug in setting defaults or am I using that line incorrectly?

zakird commented 10 years ago

Alright, I think I might see the problem that's happening. Can you please try installing Version 0.5.13 from the master branch and try again. If it solves the problem, I'll push out a new egg.

greeny88 commented 10 years ago

That seems closer but it is creating a new error now.

    Traceback (most recent call last):
      File "C:\path\to\file.py", line 174, in <module>
        main()
      File "C:\path\to\file.py", line 31, in main
        q = adquery.ADQuery()
      File "build\bdist.win32\egg\pyad\adquery.py", line 32, in __init__
      File "C:\Python27\lib\site-packages\win32com\client\dynamic.py", line 560, in __setattr__
        self._oleobj_.Invoke(entry.dispid, 0, invoke_type, 0, value)
    pywintypes.com_error: (-2147352567, 'Exception occurred.', (0, u'ADODB.Property', u'Read-only property value was not set.', None, 1240640, -2147217887), None)

zakird commented 10 years ago

Hrm. So I'm not really sure what to say on this one. We're actually following the exact example code from Microsoft..

    Set oConnect = CreateObject("ADODB.Connection")
    oConnect.Provider = "ADsDSOObject"
    oConnect.Properties("User ID") = stUser
    oConnect.Properties("Password") = stPass
    oConnect.Properties("Encrypt Password") = True
    oConnect.Open "DS Query", stUser, stPass

So I'm not sure why this isn't working on your network. Could you create a VB script and test whether ^^ works?

What version of Windows is this running against? All of this was written against 2003/2003R2 a while back.

greeny88 commented 10 years ago

So I looked into that error message a little bit more and it seems related to the connection already being opened making those settings read-only at that point. And in comparing the MS script to what is in adquery it does look like the Open call is being made before the values are set. Could that be what the issue is?

The machine I'm running against is a 2008 R2 so I'm hoping that's not the issue.

So far I'm not able to get the VB script to work but I haven't done VB in a long time so I'm trying to work with the guy who maintains our AD to see if he can help show that I can connect.

greeny88 commented 10 years ago

I think it is related to when the Open command is being called.

I finally got a vb script to work when authenticating to my default AD. So I took that information and started messing with adquery. I ended up hard-coding all of the properties in the Open call and I was able to get results back. Otherwise, with adquery the way it was set up, I was still getting the read-only error hitting my default AD.

I still can't seem to get any results from this other remote AD from either the vb script or hard-coding adquery so I need to get that tracked down on my side first.

zakird commented 10 years ago

Alrighty. Yeah I had a feeling that we might have needed to move credentials into the connection string. If you send me the VBScript and/or Python code, I can genericize and push out.

greeny88 commented 10 years ago

In adquery here is what I was hard-coding the Open call to:

    self.__adodb_conn.Open("Provider=ADsDSOObject;User ID=username;Password=password;Encrypt Password=True;ADSI Flag=" + str(adsi_flag))

And I moved the adsi_flag variable right above it and then commented out the entire block below it.

mallouris commented 9 years ago

Replace the following function in file adquery.py

    # Replacement for ADQuery.__init__ in adquery.py (which already imports win32com.client)
    def __init__(self, options={}):
        self.__adodb_conn = win32com.client.Dispatch("ADODB.Connection")

        if self.default_username and self.default_password:
            # Set the provider and every credential property first ...
            self.__adodb_conn.Provider = u"ADsDSOObject"
            self.__adodb_conn.Properties("User ID").Value = self.default_username
            self.__adodb_conn.Properties("Password").Value = self.default_password
            adsi_flag = ADQuery.ADS_SECURE_AUTHENTICATION | \
                        ADQuery.ADS_USE_ENCRYPTION
            self.__adodb_conn.Properties("ADSI Flag").Value = adsi_flag
            self.__adodb_conn.Properties("Encrypt Password").Value = True
            # ... and only then open the connection
            self.__adodb_conn.Open()
        else:
            # No explicit credentials: open as the current user
            self.__adodb_conn.Open("Provider=ADSDSOObject")

        self.reset()

zerok commented 9 years ago

Hi :) I also just ran into this issue and @mallouris 's solution seems to fix it for me as well. :+1:

zakird commented 9 years ago

Thanks for the solution @mallouris. I apparently lost track of this issue. I've made these changes in master: 1a4d266.
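
The ordering problem worked through in this thread, as an added example that is not part of any comment above or of pyad's own code. `FakeConnection` is a constructed stand-in that models the behaviour greeny88 describes (properties become read-only once `Open()` has run), and the function names are hypothetical; the flag values are those of `ADS_AUTHENTICATION_ENUM`.

```python
ADS_SECURE_AUTHENTICATION = 0x1  # ADS_AUTHENTICATION_ENUM
ADS_USE_ENCRYPTION = 0x2


class _Prop(object):
    """One provider property; writable only while the connection is closed."""
    def __init__(self, conn):
        self._conn, self._value = conn, None

    @property
    def Value(self):
        return self._value

    @Value.setter
    def Value(self, new_value):
        if self._conn.is_open:
            raise RuntimeError("Read-only property value was not set.")
        self._value = new_value


class FakeConnection(object):
    """Constructed stand-in for ADODB.Connection so the example runs offline."""
    def __init__(self):
        self.Provider, self.is_open, self.open_args = None, False, None
        self._props = {}

    def Properties(self, name):
        return self._props.setdefault(name, _Prop(self))

    def Open(self, *args):
        self.is_open, self.open_args = True, args


def open_authenticated(conn, username, password):
    """Set credentials as properties, then Open() with no connection string,
    so the password is never concatenated into (or parsed out of) a string."""
    conn.Provider = "ADsDSOObject"
    conn.Properties("User ID").Value = username
    conn.Properties("Password").Value = password
    conn.Properties("Encrypt Password").Value = True
    conn.Properties("ADSI Flag").Value = (ADS_SECURE_AUTHENTICATION |
                                          ADS_USE_ENCRYPTION)
    conn.Open()
    return conn


def open_then_set(conn, username):
    """The failing order from the second traceback: Open() first, set after."""
    conn.Open("Provider=ADsDSOObject")
    try:
        conn.Properties("User ID").Value = username
    except RuntimeError as exc:
        return str(exc)
    return None
```

On Windows with pywin32, the `conn` argument would be the object returned by `win32com.client.Dispatch("ADODB.Connection")`, as in the adquery.py code above.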

Buccaneersdan commented 8 years ago

Hey all. The fix conceived by greeny88, implemented by mallouris and committed by zakird, works for me (Windows Server 2008 R2, just as with greeny88). I am a noob at packaging for pypi. Therefore I don't feel sufficiently competent to estimate the effort to package a new egg (or wheel) with the modified adquery.py, but I think it would do your project a favour to accomplish that. I started a project not long ago, where I made the mentioned changes on my dev-machine. The day I deployed it on the server, I couldn't connect. As I searched hours again for this issue (Doh! I mention it now in a readme for future project maintainers), I could believe others struggle as well with this, and don't check out via git or read issues here.