NT authentication in a domain, need clarification
Phil Cox
pcc at llnl.gov
Fri Apr 24 21:30:05 GMT 1998
I have some confusion WRT authenticating in a domain. Here are the
scenerios, and my understanding of how the authentication happens.
Client : NT4 WS
Server: NT4
PDC: NT4
Assume user has already authenticated to the domain on the client and is
now attempting to access a share.
BTW: Where is the access token stored on the domain logon? The workstation
or the PDC (then replicated)? Both?
1. Client to PDC share:
Client sends an SMB negotioation request to PDC. PDC responds. Client then
sends an SMB session request to PDC. PDC issues challenge, client encrypts
with stored OWF, and returns it to PDC. PDC verifies it. Issues & stores an
access token and an associated UID. PDC returns UID to client. Client uses
UID in all subsequent SMB packets to the PDC.
2. Client to Server share:
Client sends an SMB negotioation request to server. Server responds.Client
then sends an SMB session request to Server. Server send authentication
request to PDC. PDC issues challenge to server. Server forwards that
challenge to client. Client encrypts with stored OWF, and returns it to
server. Server forwards it to PDC. PDC verifies it, says "ok" to server.
Server issues & stores an access token and an associated UID. Server
returns UID to client. Client uses UID in all subsequent SMB packets to the
Server.
**I was told that this is not correct. Can someone please give me a pointer
to the nitty gritty.
Phil
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Incident Advisory Capability (CIAC) Philip C. Cox
(510)422-8193 (510)422-8564
ciac at llnl.gov pcc at llnl.gov
-------------------------------------------------------------------
PGP fingerprint = 1A97 AB44 406A 77B7 3EA8 3B5B E3B5 BE73
Noteable Quote = "Do today what you want to be tomorrow."
More information about the samba-ntdom
mailing list