How to Login to XP with an UNIX account??

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi there, I wonder is there any way that an user can logon to a XP
workstation with an account under unix server without the user's name
existed in the workstation first. No domain available within the lan,
just workgroup.

I remember there is a feature in windows98 that user can require
validation from network for windows access.

thanks.


--
howard168
------------------------------------------------------------------------
howard168's Profile: http://www.iamnotageek.com/member.php?userid=9679
View this thread: http://www.iamnotageek.com/showthread.php?t=810581
6 answers Last reply
More about login unix account
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> wrote in message
    news:howard168.1jt04u@no-mx.forums.iamnotageek.com...
    >
    > Hi there, I wonder is there any way that an user can logon to a XP
    > workstation with an account under unix server without the user's name
    > existed in the workstation first. No domain available within the lan,
    > just workgroup.
    >
    > I remember there is a feature in windows98 that user can require
    > validation from network for windows access.
    >
    > thanks.
    >
    >
    > --
    > howard168
    > ------------------------------------------------------------------------
    > howard168's Profile: http://www.iamnotageek.com/member.php?userid=9679
    > View this thread: http://www.iamnotageek.com/showthread.php?t=810581
    >

    Does the unix server run NIS?

    I'll admit that I'm a bit fuzzy on this topic, but maybe this is in the
    ballpark:

    http://support.microsoft.com/?kbid=324542

    http://www.microsoft.com/windows/sfu/

    It looks like it might need a domain to be set up, running AD.
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> ha scritto nel
    messaggio news:howard168.1jt04u@no-mx.forums.iamnotageek.com...

    > Hi there, I wonder is there any way that an user can logon to a XP
    > workstation with an account under unix server without the user's name
    > existed in the workstation first. No domain available within the lan,
    > just workgroup.

    None that I know of.

    > I remember there is a feature in windows98 that user can require
    > validation from network for windows access.

    There is, but it requires a domain.

    Massimo
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> wrote in message
    news:howard168.1jt04u@no-mx.forums.iamnotageek.com...
    >
    > Hi there, I wonder is there any way that an user can logon to a XP
    > workstation with an account under unix server without the user's name
    > existed in the workstation first. No domain available within the lan,
    > just workgroup.
    >
    > I remember there is a feature in windows98 that user can require
    > validation from network for windows access.

    When a user logs onto a Windows XP machine an Access Token is built locally
    that contains the Security Identifiers (SIDs) for the user and all the
    groups they are a member of. When you do this against an Active Directory
    Domain the SIDs are sent to your workstation in a data blob inside a
    Kerberos ticket called the PAC. Since only the Microsoft implementation of
    Kerberos uses the PAC to send the SIDs and without the SIDs you cannot build
    an Access Token you cannot perform your initial logon to a Windows XP PC
    using only a UNIX system with no local account information on the PC.

    The security models within the operating systems of Windows 9x and Windows
    XP are radically different so previous 9x features are irrelevant.

    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups

    "howard168" <howard168.1jt04u@no-mx.forums.iamnotageek.com> wrote in message
    news:howard168.1jt04u@no-mx.forums.iamnotageek.com...
    >
    > Hi there, I wonder is there any way that an user can logon to a XP
    > workstation with an account under unix server without the user's name
    > existed in the workstation first. No domain available within the lan,
    > just workgroup.
    >
    > I remember there is a feature in windows98 that user can require
    > validation from network for windows access.
    >
    > thanks.
    >
    >
    > --
    > howard168
    > ------------------------------------------------------------------------
    > howard168's Profile: http://www.iamnotageek.com/member.php?userid=9679
    > View this thread: http://www.iamnotageek.com/showthread.php?t=810581
    >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanks, Mike and everyone there.

    It looks like I should try someway else.

    We use Solaris as our servers. Can I implement a LDAP server under unix
    to meet my original request? ie. login to XP without a local account
    created first through. and how to implement it? (I am not a geek ;-()

    It's a lab environment with XPs on all workstations. All user accounts
    are located in the UNIX servers. It's hard to setup local accounts for
    all users on each PCs but we still need to restrict any unauthorized
    users.

    What we done at moment is to create a general user account on each XP
    pc without password and users can mount to their home directory on the
    file server with their user name and password. i.e. any user can access
    workstation locally. that causes some problem on lab management.

    Any suggestion will be appreciated. Thanks again.

    Howard


    --
    howard168
    ------------------------------------------------------------------------
    howard168's Profile: http://www.iamnotageek.com/member.php?userid=9679
    View this thread: http://www.iamnotageek.com/showthread.php?t=810581
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "howard168" <howard168.1jup98@no-mx.forums.iamnotageek.com> ha scritto nel
    messaggio news:howard168.1jup98@no-mx.forums.iamnotageek.com...

    > We use Solaris as our servers. Can I implement a LDAP server under unix
    > to meet my original request? ie. login to XP without a local account
    > created first through. and how to implement it? (I am not a geek ;-()
    >
    > It's a lab environment with XPs on all workstations. All user accounts
    > are located in the UNIX servers. It's hard to setup local accounts for
    > all users on each PCs but we still need to restrict any unauthorized
    > users.

    You could use Samba, the free NT "emulator" for UNIX systems; I don't know
    if there are binaries for Solaris, but I'm fairly sure you can recompile the
    source if there aren't.
    The package can fully emulate a Windows NT 4.0 server, including file shares
    and, most important for you, domain logons for Windows clients.

    Massimo
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "howard168" <howard168.1jup98@no-mx.forums.iamnotageek.com> wrote in message
    news:howard168.1jup98@no-mx.forums.iamnotageek.com...
    >
    > Thanks, Mike and everyone there.
    >
    > It looks like I should try someway else.
    >
    > We use Solaris as our servers. Can I implement a LDAP server under unix
    > to meet my original request? ie. login to XP without a local account
    > created first through. and how to implement it? (I am not a geek ;-()
    >
    > It's a lab environment with XPs on all workstations. All user accounts
    > are located in the UNIX servers. It's hard to setup local accounts for
    > all users on each PCs but we still need to restrict any unauthorized
    > users.
    >
    > What we done at moment is to create a general user account on each XP
    > pc without password and users can mount to their home directory on the
    > file server with their user name and password. i.e. any user can access
    > workstation locally. that causes some problem on lab management.
    >
    > Any suggestion will be appreciated. Thanks again.
    >
    > Howard

    Howard,

    I'm sorry if my response was not clear.
    But as I said to logon to a Windows XP PC without a Local account the PC
    first has to logon to the domain to allow it to then facilitate the
    authentication of a user attempting to logon to it without a local account.
    As I said this requires that the authentication server (the domain
    controllers) provide the necessary information for the authorization
    processes used by Windows. This means it must provide the SIDs necessary to
    build the access token on that PC. In active Directory terms with is done
    using the PAC in the Kerberos ticket or if you are failing back to the less
    secure NTLM authentication packages via another process (RPC).
    In either case the system being used to provide authentication must do this
    in some way. A basic LDAP server will not provide this data.

    As has been mentioned in other posts there are apparently products that can
    emulate the old NT 4.0 domain functionality (NTLM authentication). Note
    that while this may get you authenticated, you will not have any of the
    additional advanced security and management technologies available to a
    user/PC under a real Active Directory environment.


    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups

    "howard168" <howard168.1jup98@no-mx.forums.iamnotageek.com> wrote in message
    news:howard168.1jup98@no-mx.forums.iamnotageek.com...
    >
    > Thanks, Mike and everyone there.
    >
    > It looks like I should try someway else.
    >
    > We use Solaris as our servers. Can I implement a LDAP server under unix
    > to meet my original request? ie. login to XP without a local account
    > created first through. and how to implement it? (I am not a geek ;-()
    >
    > It's a lab environment with XPs on all workstations. All user accounts
    > are located in the UNIX servers. It's hard to setup local accounts for
    > all users on each PCs but we still need to restrict any unauthorized
    > users.
    >
    > What we done at moment is to create a general user account on each XP
    > pc without password and users can mount to their home directory on the
    > file server with their user name and password. i.e. any user can access
    > workstation locally. that causes some problem on lab management.
    >
    > Any suggestion will be appreciated. Thanks again.
    >
    > Howard
    >
    >
    > --
    > howard168
    > ------------------------------------------------------------------------
    > howard168's Profile: http://www.iamnotageek.com/member.php?userid=9679
    > View this thread: http://www.iamnotageek.com/showthread.php?t=810581
    >
Ask a new question

Read More

Unix Workstations Windows XP