how does the domain logon works?
Gerald Carter
cartegw at Eng.Auburn.EDU
Mon Feb 22 14:06:40 GMT 1999
> 1. where can i find information about the LSA API
> (documentation for all the functions) and for the
> SAM API? (lsasrv.dll, samlib.dll, samsrv.dll).
Don't know if they are. If anywhere, check the MSDN CDs.
> 3. where can i get NetMonitor? is it on the sdk? in
> the resource kit?
SMS CDs or the Windows NT Server CD. SMS is better.
> 5. each machine in a domain owns a SID right? that SID is given by the
> NT PDC? i read some MSDN documentation and it says that for a user to
> log on three steps are accomplished:
>
> 1. discovery of a PDC to validate the user
> 2. creation of a secure channel
> 3. pass-through authentication
>
> 1 is ok, now in 2, what does it mean? when a user in a certain
> workstation wants to log on to an NT PDC, the workstation MUST be a
> domain member right? if it isn't, NETLOGON will refuse the connection,
> right?
> so, the workstation is a member of a DOMAIN, now workstation sends to
> NETLOGON a username of MACHINE$ and a password of MACHINE$
> to create the secure channel? is that right? the password
> is always MACHINE$? you can't change it? the only thing
> authenticated is this username/password
> and not the workstation SID?
The password is initially set to 'machine', which is the
machine's NetBIOS name in lower case. Upon joining the
domain, the password is changed to some random value.
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )