Hello,
I noticed that Radiator did not detect when an account is Expired or Locked
(this is different from disabled) in the NT SAM
May I suggest the following addition to the AuthNT.pm module:
require Win32::AdminMisc;
import Win32::AdminMisc;
# #########################################################
# insert this part on line 156 in AuthNT.pm (just after the "Account is
disabled" condition )
# #########################################################
elsif ($Getflags & &UF_LOCKOUT)
{
return ($main::REJECT, "Account is Locked");
}
my %HashMiscAttributes;
if ( Win32::AdminMisc::UserGetMiscAttributes($self->{DomainController},
$user_name, \%HashMiscAttributes))
{
if ($HashMiscAttributes{USER_ACCT_EXPIRES} < time)
{
return ($main::REJECT, "Account is Expired");
}
}
# ##########################################################
Although this addition will make AuthNT more usefull, I feel It would be
much cleaner to find a way to send the UserName/Password combo to the
DomainController in order to do the checking internally.
I am very surprised there are no functions available to authenticate a user
against NT SAM
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
