I want to hook into the domain user login system and handle my own local profile creation. I have two basic related questions:
- How do I intercept the domain user authentication?
- Can I handle the creation of user profiles myself?
- Using roaming profiles is not an option
- Using mandatory profiles is also not an option
Target Platforms: Windows 7 Enterprise, Professional, Home Premium (optional)
I don't mind using Active Directory, but I would prefer to use Linux (Samba 4?) software because my servers will all be running Linux. This is relatively unrelated because I just want some documentation, or even what to search for on Google.
EDIT: I found this link on Microsoft's MSDN web page.
I also found this to be really helpful in getting started with customizing GINA.
Do I need any special software to create an authentication package? Can I access a web or network resource from this script to validate credentials?
Best Answer
What you could do in this case is create a Windows service running with LocalSystem privileges and communicate with it from your credentials provider.
When a user enters his/her credentials into the ICredentialsProvider, it would contact the Windows service and the service will handle the authentication.
Upon a successful authentication, the service should verify that such an account is locally present in the system; otherwise, it should create a new local account with NetUserAdd and log in to the system with that account.
Bear in mind that ICredentialsProvider does not have the privileges to create a local account or use most of the Net* functions; that's why I'm suggesting to create a Windows service with LocalSystem privs.
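The "check for the local account, otherwise create it" step from the answer above, sketched as an added example (not the answerer's code) using NetUserGetInfo and NetUserAdd. The helper names `acct_lookup`, `acct_create`, `valid_account_name` and `ensure_local_account` are hypothetical, the name check is an added assumption (the LocalSystem service should not pass an unchecked name from the provider to NetUserAdd), and the non-Windows branch is a constructed in-memory stand-in so the logic can be exercised off Windows.

```c
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <lm.h>                          /* link with netapi32.lib */
static NET_API_STATUS acct_lookup(const wchar_t *name) {
    LPBYTE buf = NULL;
    NET_API_STATUS rc = NetUserGetInfo(NULL, name, 0, &buf);
    if (buf) NetApiBufferFree(buf);
    return rc;
}
static NET_API_STATUS acct_create(const wchar_t *name, const wchar_t *pw) {
    USER_INFO_1 ui = {0};
    ui.usri1_name = (LPWSTR)name;
    ui.usri1_password = (LPWSTR)pw;
    ui.usri1_priv = USER_PRIV_USER;      /* required value for NetUserAdd */
    ui.usri1_flags = UF_SCRIPT | UF_NORMAL_ACCOUNT;
    return NetUserAdd(NULL, 1, (LPBYTE)&ui, NULL);
}
#else   /* constructed in-memory stand-in so the logic can be run off Windows */
typedef unsigned long NET_API_STATUS;
enum { NERR_Success = 0, NERR_UserNotFound = 2221 };
static wchar_t fake_sam[8][21]; static int fake_count;
static NET_API_STATUS acct_lookup(const wchar_t *name) {
    for (int i = 0; i < fake_count; i++)
        if (wcscmp(fake_sam[i], name) == 0) return NERR_Success;
    return NERR_UserNotFound;
}
static NET_API_STATUS acct_create(const wchar_t *name, const wchar_t *pw) {
    (void)pw;
    if (fake_count == 8) return 1;       /* store full: any non-zero status */
    wcscpy(fake_sam[fake_count++], name);
    return NERR_Success;
}
#endif

/* Conservative name check: 1..20 chars, no control or reserved characters. */
static int valid_account_name(const wchar_t *n) {
    if (!*n || wcslen(n) > 20) return 0;
    for (; *n; n++)
        if (*n < 0x20 || wcschr(L"\"/\\[]:;|=,+*?<>@", *n)) return 0;
    return 1;
}
/* 0 = already present, 1 = created, -1 = rejected or API error (fail closed). */
int ensure_local_account(const wchar_t *name, const wchar_t *password) {
    if (!valid_account_name(name)) return -1;
    NET_API_STATUS rc = acct_lookup(name);
    if (rc == NERR_Success) return 0;
    if (rc != NERR_UserNotFound) return -1;
    return acct_create(name, password) == NERR_Success ? 1 : -1;
}
```

The service would call `ensure_local_account` only after its own credential validation has succeeded, and treat `-1` as a failed logon.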