Re: What is the workflow for folder sharing authentication in Windows 2000?

From: Drew Cooper [MS] (dcoop@online.microsoft.com)
Date: 03/29/03 

From: "Drew Cooper [MS]" <dcoop@online.microsoft.com>
Date: Sat, 29 Mar 2003 02:32:33 -0800

The sequence you're seeking depends on the authentication used (NTLM v.
Kerberos).

What are you trying to find? 

--
Drew Cooper [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Bee Hive" <bengaltiger@hotmail.com> wrote in message
news:3e8511b5$1_1@hpb10302.boi.hp.com...
> Thanks, Steve. I am aware of the security technologies behind the Windows
> authentication. I hope you or someone can help me or point to the
technical
> information that explains the sequences of things will happen when a
machine
> tries to access a shared folder on another one. For example,
>
> 1) connect to UNC
>
> 2) send SID to the host machine
>
> 3) host machine verify the SID with the domain??
>
> 4) ...
>
> 5) open a file on the share
>
> 6) send the SID again to ask for permission to open a file???
>
> I am guessing here. Is there any technical papers that allows me to get
this
> sequence correctly?
>
> - Bee Hive
>
> "Steven L Umbach" <n9rou@attbi.com> wrote in message
> news:Ji7ha.271763$qi4.151479@rwcrnsc54...
> >        Maybe this will be of some help. W2K domain use kerberos
> > authentication for W2K clients. Workgroups use lm, ntlm, or ntlm v2
> > depending on mix of clients in workgroup. A W2K only workgroup would use
> > ntlm or ntlm v2. See links for more particulars. In link about ntlm, if
it
> > is a workgroup exchange would be similar except no domain controller is
> > involved and server would use local sam to perform the steps that domain
> > controller would. I am not sure how long a ntlm authentication is good
for
> > though. Good luxk.  --- Steve
> >
> >
> >
> > http://support.microsoft.com/default.aspx?scid=kb;EN-US;217098
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/se
> > curity/microsoft_ntlm.asp
> >
> > "Bee Hive" <bengaltiger@hotmail.com> wrote in message
> > news:3e84d035$1_1@hpb10302.boi.hp.com...
> > > Hi all,
> > >
> > > Here is the question that I asked Microsoft, but it is not very
> > responsive.
> > > I hope one of you could help me.  Thanks!
> > >
> > > __________________________________
> > >
> > > Dear Dev Team:
> > >
> > > I have a question regarding to the file-sharing authentication in the
> > > Windows 2000 environment. I hope you can help me to answer it.
> > >
> > > The objective is that I want to assess the performance difference
> between
> > > the workgroup environment and domain environment in Windows 2000 in
> terms
> > of
> > > the workflow of the file-sharing accessibility. For example, what is
the
> > > complete workflow (connect, sid authentication, etc.) for the scenario
> > when
> > > a machine (remote) using a logon identity to access a shared folder
from
> > > another machine (host). What are steps for the workflow?
> > >
> > > Here are questions around the answer:
> > >
> > > 1) How does the host machine authenticate/identify the remote machine
to
> > > make sure that it does have the right permissions to access the shared
> > > folder? (For example, the remote using the domain\fileuser to access
the
> > > shared folder and on the shared folder's permission having
> domain\fileuser
> > > allowed)
> > >
> > > 2) After the remote gets connected to the shared folder. Will there be
> any
> > > additional file-sharing authentication happening whenever the remote
> > > create/copy/move/delete files from the shared folder? In other words,
is
> > > there any authentication happened whenever a file operation executed
> from
> > > the remote machine on the shared folder after it connects?
> > >
> > > Please let me know if you could help me.
> > >
> > > __________________________________
> > >
> > > If you could point me to a diagram or some technical papers for this,
it
> > > would be very helpful.
> > >
> > > - Bee Hive
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: What is the workflow for folder sharing authentication in Windows 2000?
    ... tries to access a shared folder on another one. ... host machine verify the SID with the domain?? ... > ntlm or ntlm v2. ... I am not sure how long a ntlm authentication is good for ...
    (microsoft.public.win2000.security)
  • Re: What is the workflow for folder sharing authentication in Windows 2000?
    ... authentication for W2K clients. ... Workgroups use lm, ntlm, or ntlm v2 ... depending on mix of clients in workgroup. ... > a machine using a logon identity to access a shared folder from ...
    (microsoft.public.win2000.security)
  • RE: ADS Password Storage Protection
    ... In Windows it is LM or NT (sometimes called NTLM) hashes. ... NTLMv2 refers to the authenication protocol that exchanges the hash ... between the client and server authentication database. ...
    (Security-Basics)
  • Re: Integrated Windows Authentication Timeout?
    ... Is it possible that a different host name is being used for one of the subsequent requests that would break Kerberos auth? ... If you have "Negotiate" authentication set in the metabase, then this can still negotiate down to NTLM if for some reason the protocol thinks that Kerberos is unavailable. ... server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: HttpWebRequest over Https Via Proxy Fails using NTLM
    ... The proxy authentication header returns Basic, NTLM, and Negotiate. ... A network trace shows that the https request handshake is as follows: ...
    (microsoft.public.dotnet.framework.aspnet)