I'm working on a solution to identify the client's network domain or workgroup in a private network. Based on it, I must change some access permissions.

I can't do that through the IP address because it isn't trustworthy, only the network domain/workgroup.

For reasons unknown to me I can't have a login screen, access must be automatic and seamless.

Does anyone know how I can do it?

Sorry for posting it here; follow it in the correct place: https://stackoverflow.com/q/31349047/3706998

LeonanCarvalho
  • You want to be able to access the computer's local network domain info from a web session? I'm afraid web is a few layers above the network domain level. – schroeder Jul 10 '15 at 15:03
  • Yes! That's the problem. I know PHP works at the session layer, but there are many network functions. Maybe an Apache config could request this information from the client. – LeonanCarvalho Jul 10 '15 at 15:18
  • The short answer is "no". Unless you had some function that could read the OS-level details of the client (like `phpinfo` on the server side) you cannot see this data. – schroeder Jul 10 '15 at 15:20
  • The PHP function [gethostbyaddr](http://php.net/manual/en/function.gethostbyaddr.php) is enough to return the domain machine name inside a private network. I just must know the remote address (IP) – LeonanCarvalho Jul 10 '15 at 17:16
  • gethostbyaddr will return the *public* domain, not the private one – schroeder Jul 10 '15 at 17:26
  • Are the clients under a private network "public"? – LeonanCarvalho Jul 10 '15 at 17:29

3 Answers

1

Not really. You can directly retrieve some agent information and the local IP/hostname but not their workgroup/domain status.

That being said - you could get the hostname and query Active Directory via WMI to see if it is a domain computer, but you can never prove the validity of the hostname.

Another option is that you can authenticate a user against Active Directory/LDAP. You could have a login page that when they authenticate against Active Directory (proving they are a domain user) you let them login.

Also have a look at Authenticating in PHP using LDAP through Active Directory.

James
  • Assuming the webserver has access to the local network. If the webserver has access to the local network, then they already know the domain. – schroeder Jul 10 '15 at 16:13
  • For reasons unknown to me I can not have a login screen, access needs to be automatic and seamless. The only thing I need is domain name to show data from "A" or "B" based on sub-domain name. Eg. domain.global.machine-name: Show global data domain.localA.machine-name: Show localA data – LeonanCarvalho Jul 10 '15 at 17:20
1

Sort of.

You can create a landing page that lists all client IP addresses using WebRTC and load another address.

You can use gethostbyaddr() on every IP returned, and you will get some user198.domain-a.company.xxx. Just set a session variable, and you are set.

ThoriumBR
  • WebRTC is cool, but doesn't work on IE! – LeonanCarvalho Jul 10 '15 at 17:57
  • Yes, it does. Not out of the box, but with the help of a couple plugins: https://code.google.com/p/webrtc4all/ or https://temasys.atlassian.net/wiki/display/TWPP/WebRTC+Plugins or https://github.com/sarandogou/webrtc-everywhere – ThoriumBR Jul 10 '15 at 18:01
-1

It's possible to get the hostname corresponding to a given IP address using the gethostbyaddr function (http://php.net/manual/en/function.gethostbyaddr.php):

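    // X-Forwarded-For is a client-supplied header; treat its value as untrusted input.
    $proxy = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : false;

    if ($proxy !== false) {
        $ipaddress = $proxy;
        echo "Warning: Your client is using a proxy, the hostname may not be determined";
    } else {
        $ipaddress = $_SERVER['REMOTE_ADDR'];
    }
    // Returns domain + machine name inside a private network.
    // gethostbyaddr() returns the unmodified IP on lookup failure and false on malformed input.
    $hostname = gethostbyaddr($ipaddress);

    if ($hostname === false || $ipaddress == $hostname) {
        // Escape before output: both values originate outside the application.
        echo "Impossible to determine hostname for: ", htmlspecialchars($ipaddress);
    } else {
        echo "The hostname for ", htmlspecialchars($ipaddress), " is: ", htmlspecialchars($hostname);
    }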

But communication from the application/session layer to the network layer is a little complicated. You must not trust it for access control in PHP applications.

schroeder
LeonanCarvalho
  • If you are outside the network, you will not be able to know the internal domain name because you are getting the external IP address. `gethostbyaddr` uses DNS. – schroeder Jul 10 '15 at 17:28
  • You're right! If you are on the Internet or in a different network, the reverse IP will be gotten (code below [here](http://www.leonancarvalho.com/projects/info.php)). But if your server and client are in a private network, your machine name will be gotten. The server must be able to request this remote IP using lookup. – LeonanCarvalho Jul 10 '15 at 17:41
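
The reverse-lookup approach discussed in the answers above, with forward confirmation and a fail-closed default, as an added example that is not code from any of the posts. The function name `scopeForClient`, the `company.example` names, the addresses and the `localB` scope are constructed for illustration; the lookups are injectable so the sample runs offline.

```php
<?php
// Added example, not the answer author's code. All names and addresses are constructed.

/**
 * Map a client IP to a data scope using forward-confirmed reverse DNS.
 * $ptr and $fwd are injectable so the sample below runs offline;
 * against a real resolver pass 'gethostbyaddr' and 'gethostbynamel'.
 */
function scopeForClient(string $ip, array $suffixToScope, callable $ptr, callable $fwd): ?string
{
    // Reject anything that is not a syntactically valid IP address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $host = $ptr($ip);
    // gethostbyaddr() gives back the IP itself when no PTR record exists.
    if ($host === false || $host === $ip) {
        return null;
    }
    // Forward-confirm: the PTR name must resolve back to the same IP.
    $addrs = $fwd($host);
    if ($addrs === false || !in_array($ip, $addrs, true)) {
        return null;
    }
    $host = strtolower(rtrim($host, '.'));
    foreach ($suffixToScope as $suffix => $scope) {
        // Match on a label boundary, not a bare substring.
        if (substr($host, -strlen('.' . $suffix)) === '.' . $suffix) {
            return $scope;
        }
    }
    return null; // unknown domain: fail closed
}

// Constructed zone data standing in for the internal DNS server.
$ptrTable = ['10.0.1.20' => 'user198.domain-a.company.example',
             '10.0.2.30' => 'pc7.domain-b.company.example',
             '10.0.9.99' => 'user1.domain-a.company.example']; // PTR that does not forward-confirm
$fwdTable = ['user198.domain-a.company.example' => ['10.0.1.20'],
             'pc7.domain-b.company.example'     => ['10.0.2.30'],
             'user1.domain-a.company.example'   => ['10.0.1.21']];
$ptr = function ($ip) use ($ptrTable) { return $ptrTable[$ip] ?? $ip; };
$fwd = function ($h) use ($fwdTable) { return $fwdTable[$h] ?? false; };
$scopes = ['domain-a.company.example' => 'localA', 'domain-b.company.example' => 'localB'];

// In a request handler, pass $_SERVER['REMOTE_ADDR'] only, never X-Forwarded-For.
foreach (['10.0.1.20', '10.0.2.30', '10.0.9.99', '10.0.5.5', 'not-an-ip'] as $ip) {
    echo $ip, ' => ', scopeForClient($ip, $scopes, $ptr, $fwd) ?? 'denied', PHP_EOL;
}
```

The result is only as reliable as the DNS zones and the network path behind `REMOTE_ADDR`, so it suits selecting which data set to display rather than authenticating a user.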