|
Home > Archive > 70-068 enterprise > January 2001 > PASS THROUGH AUTHENTICATION
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
PASS THROUGH AUTHENTICATION
|
|
|
| I am unclear on this concept...
When a user in a Trusted Domain accesses a Trusting Domain, it is handled by "Pass through Authentication". Can a Trusting Domain access a Trusted Domain through "Pass Through Authentication" too...???
(the other way around)
Also, as I understand this. A NT based computer is a member of one domain, and the user account that is attempting to log on is a member of a different domain....
That also is handled by "Pass Through Authentication"....????
Please help, or I will hang myself with a
Cat. 5 cable......
------------------
jettierat | |
|
| I have seen the same Questions and a lot of debait about it. As I understand you can log in either as a Guest in that Domain and access only resources that guest have premmisions to, Or you can log in as A domain user if you have an account and access resources that the Domain users have access to. The questions Ive seen say you do log in so you have to have some kind of account although you dont have the trust for your Admin to set it up,the other Domain Admin can. | |
|
| A Pass through Authentication Example:
A user Ann wants to access a computer in the London domain. Because the London domain trusts Ann’s home domain, Topeka, it asks the Topeka domain to authenticate Ann’s account information.
Here's another:
If the user tries to make a network connection to a remote computer in an untrusted domain, the logon proceeds as if the user were connecting to an account on the remote computer. That computer authenticates the logon credentials against its directory database. If the account is not defined in the directory database but the Guest account on the remote computer is enabled, and if the Guest account has no password set, the user will be logged on with guest privileges. If the Guest account is not enabled, the logon fails.
So for your question, and I'm assuming that we are just talking about Single Domains here, Another trust would have to be established (so, we've got a two-way trust going between the two domains).
Hope this Helps!! 
Spid
Net+, MCSE
[This message has been edited by Spid (edited 01-09-2001).] | |
|
| Thanks for your help "Homecomputers" and "Spid"....
"Spid"....???
One question?...When using "Pass Through Authenticaion", is the same true for going from trusting to trusted domain...???
Thanks again for your help.....
------------------
jettierat | |
|
| quote:
Originally posted by jettierat:
"Spid"....???
One question?...When using "Pass Through Authenticaion", is the same true for going from trusting to trusted domain...???
If I'm understanding your question correctly, Yes. But what you have access to, or whether you can successfully logon to the domain will depend on whether there is a two way trust going on between the 2 single domains or not and/or if the Guest account is enabled. (As I previously posted)
Look at it(pass through authentication) this way:
If you are using an NT workstation or 2000 professional workstation, you use pass-through authentication everytime you log on.
You can choose whether to log on locally to the workstation or attempt to log onto the domain.
If you log on locally the Local SAM takes care of authentication.
If you choose to log on to the domain, the Local SAM says "Whoa, I can't authenticate you, but I'll forward this to someone that can" the aunthentication request then gets forwarded through to the NetLogon Service to the Global SAM that will authenticate you.
Sorry if I babbled on with a long post, I tend to do that sometimes... 
Hope this Helps!!
Spid
Net+, MCSE
|
|
|
|
|