Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

MSLogon can't authenticate some users on same AD group

Should you have problems with the MS logon plugin, here's the place to look for help or report issues
Post Reply
pbornacin
Posts: 7
Joined: 2010-07-01 07:19

MSLogon can't authenticate some users on same AD group

Post by pbornacin »

hi, I have various versionof UltraVNC running in a domain environment with MSLogon enabled on all workstations.
I have an AD group for IT users so they can authenticate to user workstations.

On some workstation an IT users get Authentication Failed when they attempt to VNC into users workstations.

Myself and another tech can, under the IT users domain login, VNC into a target workstation and authenticate with OUR AD credentials without issue.

So, the VNC viewer works and can connect to the target workstation.

I verified that the IT users being rejected are in fact in the MSLogon AD group, and the target workstation
has that group listed in the MSLogon ACL, with Domain checked.

Any ideas?

thanks

paolo
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6867
Joined: 2004-04-23 10:21
Contact:

Re: MSLogon can't authenticate some users on same AD group

Post by Rudi De Vos »

What do you get when you run testauth.exe on workstations with auth failed.
pbornacin
Posts: 7
Joined: 2010-07-01 07:19

Re: MSLogon can't authenticate some users on same AD group

Post by pbornacin »

I got this:

C:\Programmi\uvnc bvba\UltraVNC>testauth.exe
Enter user name : gabriele
Enter password : ********
Enter group : EDPIP

loc=1 dom=3 local+domain=3 : 3

Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
------------------------
auth.dll not foundbased on auth.dll user has NO access
Trying authaddll
------------------------
------------------------
authad.dll not foundbased on authad.dll user has NO access
Trying ldapauth .dll
------------------------
------------------------
LDAP://rootDSE
LDAP://DC=ip,DC=loc
ADsPath: LDAP://CN=Gabriele,CN=Users,DC=ip,DC=loc
ADsPath: LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
Group found OK
Object

LDAP://CN=Gabriele,CN=Users,DC=ip,DC=loc

IS a member of the following Group:

LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc

based on ldapauth.dll user has access Enter to quit

when I run testauth with my user (one that work), I got this:

C:\Programmi\uvnc bvba\UltraVNC>testauth.exe
Enter user name : paolo
Enter password : ********
Enter group : EDPIP

loc=1 dom=3 local+domain=3 : 3

Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
------------------------
auth.dll not foundbased on auth.dll user has NO access
Trying authaddll
------------------------
------------------------
authad.dll not foundbased on authad.dll user has NO access
Trying ldapauth .dll
------------------------
------------------------
LDAP://rootDSE
LDAP://DC=ip,DC=loc
ADsPath: LDAP://CN=Paolo,CN=Users,DC=ip,DC=loc
ADsPath: LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
Group found OK

////////////////////////////////////////////////////
Checking the Group:

LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc

for the member:

LDAP://CN=Paolo,CN=Users,DC=ip,DC=loc


////////////////////////////////////////////////////

Comparing:

{AE5ED752-7DCD-41F8-869C-DACDBF318C69}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{A6C51F28-86F7-40A3-BB26-856EC93C5C7D}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{0D669D5A-72B5-48E7-B4F6-DEDFBD647732}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{5D88448C-8779-484E-942C-D9230BC76291}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{5F6AD8C2-1E1B-4FCF-9D15-8C9CDC3CBA1B}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{6A60E76F-9913-4D92-A87F-BCDBBC997252}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{CE1B812F-14C7-4FEF-AE7B-0DA44761F8C5}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{CFC7D496-A638-4264-8451-951C762BF2AD}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{BB5F3449-A2E7-4054-96B5-F73DAB0E9653}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{1DF6B3B4-496E-4300-9B91-BB9424A60C55}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{F96EDD7A-3AC5-434E-8451-0D52AB898B9E}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{E270E24D-1262-4468-A00C-D2C6A5843C6C}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{98B66050-A7B7-4661-9D93-68A83461B790}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{D763CCD9-0834-476A-9CF2-222CE426F691}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

Comparing:

{234A462B-FC7B-4E3D-8845-F2779B20C45D}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}

USER not found in group
based on ldapauth.dll user has NO access Enter to quit

:cry: :cry:

thanks a lot
Post Reply