WNetAddConnection2 Fails Across Untrusted Domains

Post by Scott Ka » Thu, 30 Sep 2004 03:15:51

I would please like some help solving an annoying problem with the use of the
Win32 API WNetAddConnection2 from VB.Net 2003, a Windows XP client, and Windows
2003 Web Server server.

The client is on domain A and the server and user account are on domain B.
Domain A does not trust domain B and vice versa. I am trying to establish a
connection to a drive share on domain B using a user account on domain B
from a client on domain A. The user on domain B has proper permission to
view the share on domain B. I receive error 1326/Logon failure: unknown
user name or bad password. The user is correct and the password is correct.

I have been able to eliminate the possibility of a bad API call because the
function works if the client is also on domain B. I have also been able to
eliminate network problems with the client on domain B because I have been
able to make the desired connection using Windows Explorer and providing the
user name from domain B.

Here is my source code. Again, any help would be greatly appreciated. As a
reminder, the client is on Domain A, the server and user account are on
Domain B.

    Dim theNetResource As NETRESOURCE
    Dim strUsername As String
    Dim strPassword As String
    Dim result As Integer
    theNetResource = New NETRESOURCE
    theNetResource.lpProvider = Nothing
    theNetResource.dwDisplayType = 3 'RESOURCEDISPLAYTYPE_SHARE
    theNetResource.dwScope = RESOURCE_GLOBALNET
    theNetResource.lpRemoteName = "\\server" 'on domain B
    theNetResource.lpLocalName = "" 'No local mapping desired. Just
    strUsername = "domainB\username"
    strPassword = "password"
    theNetResource.dwType = RESOURCETYPE_DISK
    result = WNetAddConnection2(theNetResource, strUsername, strPassword, 0)

This does not work and I am not sure why. Googling hasn't helped so far.

2. Validating User Credentials across untrusted domains


I am trying to validate user credentials for a user across untrusted
domains. My application (runs as an NT service (multithreaded)) has to
run on XP / 2K/ 2K3.

Code sample provided on MS site
( http://www.yqcomputer.com/ ) *DOES NOT WORK* (I can pass
in invalid password, function says validated successfully)

I tried using ADSI and the code seems to work (pasted below). But there
is a nagging line on MSDN in the help section for ADsOpenObject

"This function should not be used just to validate user credentials.
For more information about validating user credentials, see Microsoft
Knowledge Base article 180548..."
(points to the sample that does not work)

Any clue/speculation why MS would say this?


CString strADSPath;
strADSPath.Format(_T("WinNT://%s"), strDomainName);
CComPtr<IADs> pADs;
hr = ADsOpenObject(strADSPath, strUserName, strPassword,
CComBSTR bstrName;
hr = pADs->get_ADsPath(&bstrName);
