Windows impersonation LogonUser error

Question

I am trying to use this code to logon to a restricted network share (with windows server 2012 on the head node) from my local machine (windows 8.1), and I can't seem to get it to work.

Both machines are on the same domain (verified), the account I am using is an adminstrator on my local machine, and the account I am trying to impersonate has admin rights on the machine hosting the share. I can mount the share using the credentials just fine.

But when I run this line of code:

bool returnValue = LogonUser(userName, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out safeTokenHandle);

I get the following error: The trust relationship between this workstation and the primary domain failed NativeErrorCode 1798.

This seems to occur regardless of what credentials I use- it happens if I use my own (which I know are good!).

I can't seem to find a solution for this- the docs I find are for a different use case (I think), and involve removing a machine (which one?) from the domain and rejoining.

Any suggestions on how to debug this? Solutions? Suggestions?

Answer 1

So I found the answer. LOGON32_LOGON_INTERACTIVE is not right. LOGON32_LOGON_NEW_CREDENTIALS is what to use.

On this page they describe what the variables are, but not the values. You need to actually go look at the #define in winbase.h (I found a version here) that shows the values for those variables. In this case, you need to use a logon type value of 9 instead of 2. In C# land, it's just a bit more work, but... it works :)