stackoom
  简体   繁体   中英

Accessing Files on Windows Domain Share Drive in PHP

 原文  2022-08-08 22:06:20       php/ authentication/ iis/ ldap/ share

Question

I have a bunch of documents stored on a separate machine that I need to serve from a PHP/IIS server. The catch is that the document drive is on a machine that's attached to an Active Directory domain, and the webserver is not, so I'm unsure where to provide the AD user that PHP needs to authenticate with to access the drive.

I have the IIS application pool that calls PHP running as a new Windows user I created (set as the app pool's "Identity", and as the web site's Anonymous Authentication user). I've logged into the server as this new user and set up a Mapped Network Drive, but after some research I think that's a dead-end; I read that the service doesn't log into Windows in a way that loads mapped drives.

Referencing just by IP address is closer to working, except I get authenticating errors. The main solution I'm finding online is to make the app pool run as a user who has access to the drive, but I don't know if that's possible since the server isn't on that Windows domain. (But I'm also not an AD expert) 

echo shell_exec('whoami'); //Outputs the name of the Windows user I created

echo scandir('\\\\192.168.1.120\\data$'); //Username/password not found
echo trim(shell_exec('dir \\\\192.168.1.120\\data$ 2>&1')); //Username or password is incorrect

echo scandir('Z:\\'); //Path not found PHP warning
echo trim(shell_exec('dir Z: 2>&1')); //Path not found

If there isn't an easy, non-hacky solution, I can see if the client can put the webserver on the AD domain, but I don't know if that'll have unforeseen side-effects on the other services this server runs.

2 answers

solution1
 0  2022-08-10 08:46:53

About whether a Windows web server should be a member of an Active Directory domain?

If these are public facing and don't require users to be authenticated against the directory, then don't put them in the domain. However, if you need some kind of authentication or looking up information from AD, you might consider running Active Directory Application Mode (ADAM) in the DMZ. You may need to copy the relevant information from AD to the app partition as ADAM does not synchronize standard AD partitions.

Of course, If the web server is on the same network as the domain controller, it can be added to the domain to increase manageability.

solution2
 0  2022-08-11 18:18:08

Use cmdkey as that user to store the AD credentials:

cmdkey /add:*.ad.example.com /user:fooapp@ad.example.com /pass:lmao

(Alternatively, create an AD account – or even a local account on the fileserver – that matches the service user's username and password? Since you're accessing the fileserver by IP address, you probably don't care about disabling NTLM or doing things cleanly anyway...)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Accessing a Windows Share using PHP Accessing a Windows share (restricted access) on Windows using PHP How to insert permissions for files stored in Google Drive to share it with people in my domain How to read files ,If files or directory is available on windows shared drive (Mapped drive), using php Counting files on a shared windows drive via Php from Linux PHP How to create folder and files on network share drive with IIS10 Accessing image files on Windows server from php on Linux server Accessing Google Drive Files On The Server Side Of A Website Google Drive : File Uploading and Accessing the files Accessing Windows Objects with PHP?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM