Re: Please help as I don't understand how a computer logs onto a domain
From: Laura E. Hunter (MVP) (hunter(nospamplease)_at_sfs.upenn.edu)
Date: 05/26/04
Date: Wed, 26 May 2004 11:51:07 -0400
Unless you've configured your server to -only- allow Kerberos
authentication, clients will attempt "lower" authentication protocols if
Kerberos fails:
If Kerberos fails, they'll try NTLMv2
If NTLMv2 fails, they'll try NTLM
If NTLM fails, they'll try LM
This is how down-level clients are able to connect to more modern Windows
2000 servers even though they do not support things like Kerberos. By
default, Windows 2000 will allow clients to negotiate authentication
protocols all the way down to LM. (I think 2003 asks for a minimum of NTLM
by default, but look that up before you quote me on it.)
Mark has an -exhaustive- column on the topic of down-level clients and
LM/NTLM credentials that is simply required reading:
http://www.minasi.com/showdoc.asp?docname=nws0304.htm (link requires free
registration)
--
******************************
Laura E. Hunter - MCSE, MCT, MVP
Replies to newsgroup only

"Jacques Koorts" <jkoorts@ccalimited.com> wrote in message
news:10b9ebitaqn3b4@corp.supernews.com...
> I'm reading Mark Minasi's book Mastering Windows 2000 Server 4th Ed, and
> have this question.
>
> The book says that when trying to logon your computer looks for servers with
> port 88 and 389 open. Well I did a port scan on my DC and saw that only port
> 88 was open. I could logon just fine. Then I closed port 88 (Stopped the
> kerberos service), and still are able to logon (the login script is running
> fine, and typing "Set" at the command prompt gives me a server).
>
> So how now?
>
> Hope someone can shed some light on this.
>
> Kind regards
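
An added example, not part of the original message or thread: a Python check that groups logon records by source address and reports which sources authenticated below a chosen minimum in the Kerberos, NTLMv2, NTLM, LM order described above, and which ones used Kerberos but also fell back. It assumes records exported from the Security log's logon event (ID 4624 on current Windows versions) with its `IpAddress`, `AuthenticationPackageName` and `LmPackageName` fields; the sample records and the function names are constructed for illustration.

```python
from collections import defaultdict

# Strength order from the post: Kerberos, then NTLMv2, then NTLM, then LM.
STRENGTH = {"LM": 0, "NTLM": 1, "NTLMv2": 2, "Kerberos": 3}
# LmPackageName values that accompany AuthenticationPackageName == "NTLM".
NTLM_SUBPACKAGE = {"LM": "LM", "NTLM V1": "NTLM", "NTLM V2": "NTLMv2"}

# Constructed sample records (not real log data), one dict per logon event.
SAMPLE_EVENTS = [
    {"IpAddress": "192.0.2.10", "AuthenticationPackageName": "Kerberos", "LmPackageName": "-"},
    {"IpAddress": "192.0.2.10", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2"},
    {"IpAddress": "192.0.2.20", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1"},
    {"IpAddress": "192.0.2.20", "AuthenticationPackageName": "NTLM", "LmPackageName": "LM"},
    {"IpAddress": "192.0.2.30", "AuthenticationPackageName": "Kerberos", "LmPackageName": "-"},
    {"IpAddress": "192.0.2.40", "AuthenticationPackageName": "Negotiate", "LmPackageName": "-"},
]


def protocol_of(event):
    """Return the post's protocol name for one event, or None if unclassifiable."""
    package = event.get("AuthenticationPackageName")
    if package == "Kerberos":
        return "Kerberos"
    if package == "NTLM":
        return NTLM_SUBPACKAGE.get(event.get("LmPackageName"))
    return None  # e.g. "Negotiate": the record does not say which protocol won


def audit(events, minimum="NTLMv2"):
    """Group logons by source address and report which sources went below `minimum`."""
    seen = defaultdict(set)
    for event in events:
        proto = protocol_of(event)
        if proto is not None:
            seen[event["IpAddress"]].add(proto)
    report = {}
    for source, protos in sorted(seen.items()):
        weakest = min(protos, key=STRENGTH.get)
        report[source] = {
            "weakest": weakest,
            "below_minimum": STRENGTH[weakest] < STRENGTH[minimum],
            # Kerberos plus something weaker means this source fell back at least once.
            "fell_back": "Kerberos" in protos and len(protos) > 1,
        }
    return report


if __name__ == "__main__":
    for source, row in audit(SAMPLE_EVENTS).items():
        print(source, row)
```

A source that only ever shows NTLM or LM is more likely a down-level client or one that never reaches the KDC; a source with `fell_back` set can do Kerberos and is worth checking for why it did not.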