Access account MPExtended (1 Viewer)

u28151

Portal Pro
March 24, 2005
179
20
Home Country
Sweden Sweden
Hi Oxan,

I am trying to configure a "service account" with limited permissions on the files and shares MPExtended is connecting to. Reason for that is that some configuration files becomes corrupted when using WebMediaPortal.
I have an MyFilms.xml on a NAS and for some reason it is totally cleaned out regularly so I have to recreate it.
When I try test connection with other account than Administrator the test fails.
I want to know what tests are performed so I am able to use a less privileged account.

Thanks!
 

Oxan

Retired Team Member
  • Premium Supporter
  • August 29, 2009
    1,730
    1,124
    Home Country
    Netherlands Netherlands
    Hmm, I think you may be right about MyFilms.xml. I'm going to see if I can fix that for 0.5.3.

    Anyway, we don't do any tests on the network account. We only try to login using it on the local machine. You've to create the account with the same username/password on the computer where MPExtended runs too, you can't create it only on the server.
     

    u28151

    Portal Pro
    March 24, 2005
    179
    20
    Home Country
    Sweden Sweden
    Aha, OK. But I need a domain account since I have a domain joined NAS. It works because I have logged on to the local MPExtended machine with the administrator account. But what I really would like to do is to use a domain account other than administrator - will it be possible sometimes in the future?
     

    sjevtic

    MP Donator
  • Premium Supporter
  • January 16, 2012
    114
    29
    43
    Chicago, IL
    Home Country
    United States of America United States of America
    Aha, OK. But I need a domain account since I have a domain joined NAS. It works because I have logged on to the local MPExtended machine with the administrator account. But what I really would like to do is to use a domain account other than administrator - will it be possible sometimes in the future?
    I use a non-administrator domain account for all things MediaPortal related (TV-Server, MP client, MPExtended, etc.) and it works absolutely great. No permission problems whatsoever, and most importantly, that account doesn't have permissions to access non-media related content. You have to manually configure the services to run the account (rather than as LocalSystem), but other than that, it has been working great for a while.

    Now what would be really cool is if I could have WebMP authentication done using domain accounts rather than usernames/passwords read from a static file. :)

    Sasha
     
    Last edited:

    Oxan

    Retired Team Member
  • Premium Supporter
  • August 29, 2009
    1,730
    1,124
    Home Country
    Netherlands Netherlands
    Yes, I actually forgot that. You can already configure it to use a domain account, you just have to do it manually in services.msc.

    Now what would be really cool is if I could have WebMP authentication done using domain accounts rather than usernames/passwords read from a static file. :)
    Hmm, that's interesting. I fear it's going to be a bit troublesome with the new permission system in 0.6, but I might take a look at it.
     

    sjevtic

    MP Donator
  • Premium Supporter
  • January 16, 2012
    114
    29
    43
    Chicago, IL
    Home Country
    United States of America United States of America
    Yes, I actually forgot that. You can already configure it to use a domain account, you just have to do it manually in services.msc.



    Now what would be really cool is if I could have WebMP authentication done using domain accounts rather than usernames/passwords read from a static file. :)

    Hmm, that's interesting. I fear it's going to be a bit troublesome with the new permission system in 0.6, but I might take a look at it.
    I'm not sure what you're working on with respect to the new permission system, but generally speaking, you can do Active Directory authentication anywhere you have a LDAP client library available.

    You can authenticate a user by binding with the provided username and password (if it succeeds, the credentials are good), and checking if a user is a member of a group isn't that hard either. That said, dealing with the nuances of most things involving LDAP tend to be less pleasant than they should be. I remember playing once with adLDAP, and was able to get useful results pretty quickly. I realize it's not C# and thus not directly usable, but it will give you a good idea of a workable approach and its associated complexity.

    Sasha
     

    Users who are viewing this thread

    Top Bottom