I am working on an use case to create a folder and add security groups. I am using below code. When i perform this manually to access share path we enter credential and create a folder Post that once I click on security tab, it prompts for credentials again and I populate same and security group. This is because accessing the shared location from a different domain which is expected. Now when I try to do this through python with below code, I am able to create folder but its failing to add security group because the script is running from a server in different domain.
Error (1332, LookupAccountName' no mapping between account names and security IDs was done.)
So basically how we can set the permissions while accessing security tab with permmission set for the same.
Please help.
class Create(Resource):
def post(self):
# Get JSON arguments from Payload shared NAS path, directorname groupname with read access and right access
parentdir = request.json.get("path")
dirname = request.json.get("name")
readGroup = request.json.get("readGroup")
# Access the NAS path through NAS credentails
class Impersonate:
def __init__(self,user,password):
#Update domain to access the shared NAS
self.domain_name = "domain"
self.user = user
self.password = password
logging.debug("Credentials Received: {} ".format(self.user))
def logon(self):
self.handle=win32security.LogonUser(self.user,self.domain_name,self.password,win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
win32security.ImpersonateLoggedOnUser(self.handle)
def logoff(self):
win32security.RevertToSelf() #terminates impersonation
self.handle.Close() #guarantees cleanup
if __name__ == "__main__":
#update username and password of the NAS path below within quotes
a=Impersonate('user','Password')
try:
a.logon() #Logon to NAS path with supplied credentails.
try:
logging.debug("Sucessfully connectd to NAS path {} ".format(parentdir))
# makedirs create directory recursively
os.makedirs(path)
try:
groupr, domain, type = win32security.LookupAccountName ("", readGroup)
sd = win32security.GetFileSecurity(path, win32security.DACL_SECURITY_INFORMATION)
dacl = sd.GetSecurityDescriptorDacl()
dacl.AddAccessAllowedAce(win32security.ACL_REVISION,win32con.GENERIC_READ, groupr)
#os.makedirs(path)
except OSError as e:
if e.errno == errno.EEXIST:
print(e)
resp = Response('{} fileshare creation created, adding security group {} with read permessions failed. Error:{}'.format(dirname, groupr, e))
print (resp)
resp.status_code = 201
return resp
except OSError as error:
print(error)
resp = Response('{} fileshare creation failed. Error is {} '.format(dirname, error))
print (resp)
resp.status_code = 300
return resp
#return ("Fileshare creation failed: {} ".format(dirname))
except Exception as error1:
print(error1)
logging.error("Failed to connect to NAS path{}, Error: {} ".format(parentdir, error1))
resp = Response('Could not connect to UNC Shared path. Error{}'.format(error1))
print (resp)
resp.status_code = 201
return resp
a.logoff()