|
Home > Archive > Server 2003 > February 2004 > Authentication
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| isles1 2004-02-26, 2:25 pm |
| I cannot imagine why this would be intended, but is this normal behavior:
Users from an NT4 domain that also have accounts in a 2003 domain (right now only the IT dept as we are in the testing phase) can access servers in the 2003 domain from a PC while logged on to that PC with a NT4 account. The user IS NOT prompted for credentials before connecting to the server in the 2003 domain.
*Each user has the same username and password in the NT4 and 2003 Domain. As soon as the password is changed in one of the domains, the user IS prompted for credentials. Of course the domains have different names, so I am not even sure why the username is apparently being seen as the same in both domains. Isn't the username supposed to be seen as "NT4domain\%username%" and "2003domain\%username%"
There are NO established trusts.
Is this a known issue? This seems to be a security concern in a production environment.
Thanks in advance. | |
| jeff_j_black 2004-02-27, 9:29 am |
| You have experienced this first hand? What functional mode is the 2003 domain in? Never heard of this before. Without trusts, I don't see how it could happen. | |
| isles1 2004-02-27, 10:14 am |
| quote:
Originally posted by jeff_j_black
You have experienced this first hand? What functional mode is the 2003 domain in? Never heard of this before. Without trusts, I don't see how it could happen.
Yes. I experienced it here at work after we set up AD yesterday. Current functional level is "Windows Server 2003." | |
| isles1 2004-02-27, 2:17 pm |
| Well, this is the answer I got to my original question when asked in a TechNet webcast:
If the username and password is the same on both the NT4 and w2k3 domain, then they wont be promted for credentials. if you change the password in either domain but not both, then user will be prompted as the username and password being passed is no longer correct. | |
| KScheler 2004-02-28, 1:43 pm |
| I've seen this same thing with an XP machine making a connection to a W2k domain and also connecting to a W2k3 domain. I went to a seminar this week and Mark Minasi, the speaker, mentioned something about a little known service called net crawler that makes the computer browse and automatically make a connection to any other computer on the network if the logon and password are the same without any user authentication being done by the user. I agree, this could be scary. |
|
|
|
|