Graham,

The Windows 2000 client has to locate a DC before Kerberos authentication can take place.

The sequence of "locator processes" is determined by the NetBIOS node type of the client, but as I understand it, by default Win2k would try (1) its local cache, (2) DNS, (3) WINS, etc.

Using DNS, the sequence of mapping from NetBIOS domain name to DC IP address starts with the method of resolving unqualified domain names defined in the client TCP/IP DNS properties tab.

But I could be wrong...

Peter

----- Original Message -----
From: "Graham Turner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 13, 2002 9:49 AM
Subject: [ActiveDir] user logon domain controller discovery

> scenario - windows 2000 client has established secure channel, authenticated
> using kerberos to the dns domain of which it is a member.
>
> what determines the locator process (wins / dns) for the discovery of the DC
> for the user logon ??
>
> MS tell us that for a NetBIOS name WINS is used -
>
> most users unless instructed to the contrary will use one of the domains
> (NetBIOS) from the pick list of the logon dialog box
>
> does this mean that WINS is used for the DC locator ??
>
> OR is there some process by which the client "maps" this NetBIOS domain name to a
> DNS domain ?? and attempt to use DNS / LDAP ??
>
> under NTLM / NT4 the logon request would be passed to the DC secure channel
> partner as a pass thru authentication request. (discovered by wins /
> netlogon)
>
> this pass thru authentication process is not implemented by Kerberos or is
> it ??
>
> will be glad for help on this one
>
> GT
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
