Re: NT authentication from a local windows NT 4.0 Wks to a NT Server 4.0
From: Brandon L. Parrish (brandon.parrish@state.tn.us)
Date: 03/05/02
- Previous message: What Ever: "Re: NT authentication from a local windows NT 4.0 Wks to a NT Server 4.0"
- In reply to: JO tehlua: "NT authentication from a local windows NT 4.0 Wks to a NT Server 4.0"
- Next in thread: JO tehlua: "Re: NT authentication from a local windows NT 4.0 Wks to a NT Server 4.0"
- Reply: JO tehlua: "Re: NT authentication from a local windows NT 4.0 Wks to a NT Server 4.0"
From: brandon.parrish@state.tn.us (Brandon L. Parrish) Date: 5 Mar 2002 05:59:04 -0800
Jo,
This is a normal part of Windows NT/2000 security. When the
workstation is logged into locally, a username and password is
activated and lets you in. The security on this account is local, so
it could be a user, power user, or admin account, whatever you have
set up for it. Now, when you go out to map a network share on a remote
system, what happens is that you send a packet that contains your user
id and password to the remote system. If it is an NT box (workstation
or server), it checks your information versus its user database. If
your credentials on both systems are identical, it authenticates you
on the remote system with whatever access you have rights to. It then
checks what you are trying to do (e.g. access a shared folder in this
case) and verifies that your account on that system has the right to
do so. If it does, it grants it, if it does not, you are rejected.
Now, if you were on a domain, and tried to map to a share that was on
a standalone server or a remote workstation that you did NOT have an
account on, you would be challenged for a username and password. You
would either have to create a local account on the standalone server
or be logged into the same domain with it so you could access shares.
The reason that it is different on the PDC or a BDC is because the
Domain user database is the same as the local user database for those
machines. Hope this helps and that I didn't turn a simple concept into
a complex one...I tend to rant a bit :)
Brandon
redmac@angelfire.com (JO tehlua) wrote in message news:<3c84a273.1843230@news.zipworld.com.au>...
> Hi
>
> Could someone please explain or lead me to where I can get further
> information.
>
> Scenario:
>
> I create a local user on an NT 4.0 Workstation , eg. test000
>
> I create an account on a NT 4.0 Server (enterprise ed. a PDC) the id
> and password as the workstation user id - the user belongs to the
> domain users group.
>
> I create a share on the server eg: d:\files with permission granted to
> everyone.
>
> Now I log into the workstation locally, without authenticating
> outside, (ie using the local sam.)
>
> I try mapping a drive to the NT server share, and the drive is mapped
> automatically without any challenge.
>
> My question is why does this automatically happen? Aren't there two
> separate SAM databases, on the local machine and the sam on the PDC??
>
> However if I can change either password, (ie no longer in sync), only
> then I get a challenge.
>
> Does this happen in WIN2K ????
>
> Thanks
>
> Jo
>
> please email redmac@angelfire.com
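
A simplified model of the behaviour discussed in this thread, added here as an illustration and not written by either poster: two independent account databases hold the same unsalted password-derived key, so a challenge-response attempt made with the locally logged-on credentials succeeds without a prompt. SHA-256 and HMAC-SHA-256 stand in for the NT hash and the NTLM response computation, and all class names, function names and passwords are constructed for the example.

```python
import hashlib
import hmac
import os

def verifier(password: str) -> bytes:
    # Stand-in for the NT hash: unsalted and derived only from the password,
    # so the same password gives the same key in every account database.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def respond(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the NTLM response: proves knowledge of the key
    # without sending the password itself.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AccountDB:
    """Model of one machine's own account database (its SAM)."""
    def __init__(self, name: str):
        self.name = name
        self.users = {}

    def set_password(self, user: str, password: str) -> None:
        self.users[user.lower()] = verifier(password)

class Server:
    def __init__(self, db: AccountDB):
        self.db = db

    def new_challenge(self) -> bytes:
        return os.urandom(8)

    def check(self, user: str, challenge: bytes, response: bytes) -> bool:
        key = self.db.users.get(user.lower())
        return key is not None and hmac.compare_digest(
            respond(key, challenge), response)

def map_share(local: AccountDB, server: Server, user: str) -> str:
    # The client first tries, silently, the key it holds from the local logon.
    challenge = server.new_challenge()
    response = respond(local.users[user.lower()], challenge)
    return "mapped" if server.check(user, challenge, response) else "prompt"

def demo():
    wks, pdc = AccountDB("WKS"), AccountDB("PDC")    # two separate databases
    wks.set_password("test000", "Constructed-Pw1")   # constructed sample values
    pdc.set_password("test000", "Constructed-Pw1")
    server = Server(pdc)
    in_sync = map_share(wks, server, "test000")
    pdc.set_password("test000", "Changed-Pw2")       # passwords now out of sync
    out_of_sync = map_share(wks, server, "test000")
    return in_sync, out_of_sync
```

The security-relevant consequence is that reusing a local account's name and password on another machine grants silent network access to it, even though the two account databases are unrelated.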