Windows Domain login step
- From: "Paolo" <paolo.carrara80@xxxxxxxxx>
- Date: 8 Mar 2007 02:19:08 -0800
Hi,
I tryed to understand the steps involved in a windows domain login,
from the machine startup to the desktop loading.
I read a lot of articles and I try to synthetize the procedure as
follow:
1) turn on the computer
2) Machine authentication with, for example, EAP-TLS. This step
involve the computer (supplicant), an authenticator (i.e. the Access
point if we are in a WiFi environment or a switch if we are in a wired
environment) and a RADIUS Server (IAS in Windows Domain)
3) Once the machine is authenticated, the machine starts a DHCP
request to obtain an IP address. The DHCP Server reply and the
computer obtain his IP address
4) The GINA is displayed and the user prompt in his username and
password
5) User authentication with, for example EAP-MSCHAP v2. This step
involve the computer (supplicant), an authenticator (i.e. the Access
point if we are in a WiFi environment or a switch if we are in a wired
environment) and a RADIUS Server (IAS in Windows Domain)
6) Once the user is authenticated he can request a domain service,
like a printer.
7) A Kerberos session begins. The client send to Domain Controller
(where reside KDC (Key Distribution Center) and TGS (Ticket Granting
Service)) a request to obtain the ticket for the Printer Server.
8) At the end of Kerberos session, the deskotp is loaded.
Is that procedure correct? Can someone help me to understand the
correct order?
Thanks (and sorry for my english)!!!
Paolo
.
- Prev by Date: ntbackup schedule not working
- Next by Date: client on domain WIN2000
- Previous by thread: ntbackup schedule not working
- Next by thread: client on domain WIN2000
- Index(es):
Relevant Pages
|
