How to Log In to XP with a UNIX Account?

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Hi there, I wonder if there is any way that a user can log on to an XP
workstation with an account on a unix server without the user's name
existing on the workstation first. No domain is available within the LAN,
just a workgroup.

I remember there is a feature in Windows 98 where a user can require
validation from the network for Windows access.

Thanks.


--
howard168
 
Guest

"howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> wrote in message
news:howard168.1jt04u@no-mx.forums.iamnotageek.com...
>
> Hi there, I wonder if there is any way that a user can log on to an XP
> workstation with an account on a unix server without the user's name
> existing on the workstation first. No domain is available within the LAN,
> just a workgroup.
>
> I remember there is a feature in Windows 98 where a user can require
> validation from the network for Windows access.
>
> Thanks.
>
>
> --
> howard168

Does the unix server run NIS?

I'll admit that I'm a bit fuzzy on this topic, but maybe this is in the
ballpark:

http://support.microsoft.com/?kbid=324542

http://www.microsoft.com/windows/sfu/

It looks like it might need a domain to be set up, running AD.
 
Guest

"howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> wrote in
message news:howard168.1jt04u@no-mx.forums.iamnotageek.com...

> Hi there, I wonder if there is any way that a user can log on to an XP
> workstation with an account on a unix server without the user's name
> existing on the workstation first. No domain is available within the LAN,
> just a workgroup.

None that I know of.

> I remember there is a feature in Windows 98 where a user can require
> validation from the network for Windows access.

There is, but it requires a domain.

Massimo
 
Guest

"howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> wrote in message
news:howard168.1jt04u@no-mx.forums.iamnotageek.com...
>
> Hi there, I wonder if there is any way that a user can log on to an XP
> workstation with an account on a unix server without the user's name
> existing on the workstation first. No domain is available within the LAN,
> just a workgroup.
>
> I remember there is a feature in Windows 98 where a user can require
> validation from the network for Windows access.

When a user logs onto a Windows XP machine, an Access Token is built locally
that contains the Security Identifiers (SIDs) for the user and all the
groups they are a member of. When you do this against an Active Directory
Domain, the SIDs are sent to your workstation in a data blob inside a
Kerberos ticket called the PAC. Since only the Microsoft implementation of
Kerberos uses the PAC to send the SIDs, and without the SIDs you cannot build
an Access Token, you cannot perform your initial logon to a Windows XP PC
using only a UNIX system with no local account information on the PC.

The security models within the operating systems of Windows 9x and Windows
XP are radically different so previous 9x features are irrelevant.

--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups
 
Guest

Thanks, Mike and everyone there.

It looks like I should try some other way.

We use Solaris as our servers. Can I implement an LDAP server under unix
to meet my original request, i.e. log in to XP without a local account
created first? And how do I implement it? (I am not a geek ;-()

It's a lab environment with XP on all workstations. All user accounts
are located on the UNIX servers. It's hard to set up local accounts for
all users on each PC, but we still need to restrict any unauthorized
users.

What we have done at the moment is to create a general user account on each XP
PC without a password, and users can mount their home directory on the
file server with their user name and password, i.e. any user can access
the workstation locally. That causes some problems for lab management.

Any suggestion will be appreciated. Thanks again.

Howard


--
howard168
 
Guest

"howard168" <howard168.1jup98@no-mx.forums.iamnotageek.com> wrote in
message news:howard168.1jup98@no-mx.forums.iamnotageek.com...

> We use Solaris as our servers. Can I implement an LDAP server under unix
> to meet my original request, i.e. log in to XP without a local account
> created first? And how do I implement it? (I am not a geek ;-()
>
> It's a lab environment with XP on all workstations. All user accounts
> are located on the UNIX servers. It's hard to set up local accounts for
> all users on each PC, but we still need to restrict any unauthorized
> users.

You could use Samba, the free NT "emulator" for UNIX systems; I don't know
if there are binaries for Solaris, but I'm fairly sure you can recompile the
source if there aren't.
The package can fully emulate a Windows NT 4.0 server, including file shares
and, most important for you, domain logons for Windows clients.

Massimo
 
Guest

"howard168" <howard168.1jup98@no-mx.forums.iamnotageek.com> wrote in message
news:howard168.1jup98@no-mx.forums.iamnotageek.com...
>
> Thanks, Mike and everyone there.
>
> It looks like I should try some other way.
>
> We use Solaris as our servers. Can I implement an LDAP server under unix
> to meet my original request, i.e. log in to XP without a local account
> created first? And how do I implement it? (I am not a geek ;-()
>
> It's a lab environment with XP on all workstations. All user accounts
> are located on the UNIX servers. It's hard to set up local accounts for
> all users on each PC, but we still need to restrict any unauthorized
> users.
>
> What we have done at the moment is to create a general user account on each XP
> PC without a password, and users can mount their home directory on the
> file server with their user name and password, i.e. any user can access
> the workstation locally. That causes some problems for lab management.
>
> Any suggestion will be appreciated. Thanks again.
>
> Howard

Howard,

I'm sorry if my response was not clear.
But as I said, to logon to a Windows XP PC without a local account, the PC
first has to logon to the domain to allow it to then facilitate the
authentication of a user attempting to logon to it without a local account.
As I said, this requires that the authentication server (the domain
controllers) provide the necessary information for the authorization
processes used by Windows. This means it must provide the SIDs necessary to
build the access token on that PC. In Active Directory terms this is done
using the PAC in the Kerberos ticket or, if you are falling back to the less
secure NTLM authentication packages, via another process (RPC).
In either case the system being used to provide authentication must do this
in some way. A basic LDAP server will not provide this data.

As has been mentioned in other posts there are apparently products that can
emulate the old NT 4.0 domain functionality (NTLM authentication). Note
that while this may get you authenticated, you will not have any of the
additional advanced security and management technologies available to a
user/PC under a real Active Directory environment.


--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups
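
The access token that Mike Brannigan's two replies describe can be inspected on a logged-on workstation. The following is an added example, not part of the original thread: a read-only PowerShell script that lists every SID in the current token and reports whether it was issued by the local SAM or by a domain. It assumes Windows PowerShell is installed on the PC; the helper names `Get-SidOrigin` and `Resolve-SidName` are made up for this illustration.

```powershell
# Added example: show which authority issued each SID in the current access token.
# Read-only. Uses only .NET security classes and the Win32_UserAccount WMI class.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Machine SID = SID of any local account with its last component (the RID) removed.
$localAcct  = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
              Select-Object -First 1
$machineSid = (New-Object System.Security.Principal.SecurityIdentifier $localAcct.SID).AccountDomainSid

function Get-SidOrigin([System.Security.Principal.SecurityIdentifier]$Sid) {
    # AccountDomainSid is $null for well-known SIDs such as S-1-1-0 or S-1-5-32-545.
    $issuer = $Sid.AccountDomainSid
    if ($issuer -eq $null)            { return 'well-known / built-in' }
    if ($issuer.Equals($machineSid))  { return 'local SAM on this PC' }
    return 'domain (supplied by the authenticating server)'
}

function Resolve-SidName([System.Security.Principal.SecurityIdentifier]$Sid) {
    # Some SIDs (for example the per-logon session SID) have no account name.
    try   { return $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { return '(no name)' }
}

"Logged on as : $($identity.Name)"
"Auth package : $($identity.AuthenticationType)"   # e.g. NTLM or Kerberos

# The user SID plus every group SID carried in the token.
@($identity.User) + @($identity.Groups) |
    Select-Object @{n='Sid';    e={ $_.Value }},
                  @{n='Name';   e={ Resolve-SidName $_ }},
                  @{n='Origin'; e={ Get-SidOrigin $_ }} |
    Format-Table -AutoSize
```

On a workgroup PC the account SIDs all trace back to the local SAM; after a domain logon, the user and group SIDs reported as domain-issued are the ones the authenticating server had to supply.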