locked
Unable to LogonUser with Active Directory domain account

    Question

  • I'm using a workstation in an Active Directory domain, trying to impersonate another user. The user AULAS\Aula11 (or aula11@aulas.es) has administrative privileges in the domain, as it also has AULAS\Aula8, and both have blank passwords, but the following VB .NET code fails

    Private Declare Function LogonUser Lib "advapi32.dll" Alias _

    "LogonUserA" (ByVal lpszUsername As String, _

    ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Integer, _

    ByVal dwLogonProvider As Integer, ByRef phToken As IntPtr) As Integer

    If LogonUser("Aula11", "AULAS", vbNullString, 3, 0, elToken) <> 0 Then

    Console.WriteLine("El usuario pepe ha sido identificado")

    Else

    Console.WriteLine(Err.LastDllError.ToString())

    Console.WriteLine("El usuario pepe NO ha sido identificado")

    End If

    Console.ReadLine()

    with error 1326, unknown user name or bad password.

    Finally, note I have also try LogonUser with domain "aulas.es", with the same errror 1326.

    Please help.

    Friday, December 01, 2006 12:45 PM

All replies

  • I am not a hundred percent sure but seems to me that you have to supply a password... I dont believe that you can have a null value for a password.
    Friday, December 01, 2006 2:07 PM
  • I'm using my computer with domain user AULAS\Aula11, and I log in without a password!
    Friday, December 01, 2006 3:50 PM
  • Is vbNULLstring the same as ""?
    If not , try using "" instead of vbNULLstring.
    This because I think it's like that an empty textbox doesn't return a vbNULLstring, but "".

    Don't know if I'm right eh

    Grtz, Tom.
    Friday, December 01, 2006 8:41 PM
  • Neither works the program using "" as password instead of vbNULLstring. I think there is some problem accessing Active Directory's users, maybe DNS or DHCP misconfiguration; or maybe there is some misconfiguration of premissions to do a network login using an account with blank passwords???
    Monday, December 04, 2006 10:09 AM
  • Ociretsih Yahoo said:

    Neither works the program using "" as password instead of vbNULLstring. I think there is some problem accessing Active Directory's users, maybe DNS or DHCP misconfiguration; or maybe there is some misconfiguration of premissions to do a network login using an account with blank passwords???


    Hi all,

    I'm now using this funcions on my servers(win2008) and suffered from similar circumstance.

    Here's my situation:
    Domain: Karsen.com
    Domain Account: Karsen.com\AA password:123aA (Domain Admin privilege)
    Machine: A, which joined the domain Karsen.com
    Machine Account: Administrator password:xx56ZZ (Local Admin)

    Code Snippet:    

            if (!LogonUser(argv[1], NULL, argv[2], LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT, &hToken))
            DisplayError(L"LogonUser");

    And I login A with account AA@karsen.com, then I perform some test:
    I can successfully LogonUser by "\Administrator" + "xx56ZZ".
    but when I try to LogonUser by "Karsen.com\AA" or AA@karsen.com + "123aA".
    I always got the following error:

    ERROR: API = LogonUser.
    error code = 1326.
    message = Logon failure: unknown user name or bad password.

    Could anyone give me some advice?

    Monday, March 23, 2009 7:41 AM