Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Local Machine user in a domain

Status
Not open for further replies.
seaport

seaport

MIS
Jan 5, 2000
923
US
I am working on a SQL Server 2005 server but I am not the network admin. Both my workstation - station1 and the SQL Server - SQL1 are in the same domain. A local user - user1 - is added to statation1 and SQL1 with same user name and password. I logged into station1 as user1 and found out that station1/user1 has access to SQL1.

As I understand, SQL1 knows that "station1/user1" is not a domain account and then basically validate the user name and password from "station1/user1" against its local accounts. This is how a user gets access to another machine in a Workgroup environment. But I am surprised to see that it also works in a domain.

Here is my questions.
What is the technical term for this kind of authentication - by matching the user name and passwords? Is this part of so-called "Integrated Authentication"?

Thanks in advance.

Seaport
 
Sort by date Sort by votes
Yes, a better explanation can be found here.


Essentially what happens is that because the username and passwords are the same it just authenticates against it and doesn't care that the accounts come from two different objects, as far as it's concerned the username and password that it's authenticating are the same as those that have permissions on the local machine.. so it lets it through.

Simon

The real world is not about exam scores, it's about ability.
 
Upvote 0 Downvote
Simon,

Thanks for the reply. It took me some time to read through those wiki articles.

As I understand, because I am using a Windows domain (windows 2003) so it has to be Integrated Windows Authentication, which can be either Kerberos or NTLM. To go further detailed, "station1/user1" is authenticated by SQL1 using NTLM, and a domain account like "DomainName/user1" will be authenticated using Kerberos.

Seaport
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
698
goombawaho
goombawaho
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
873
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
505
DrB0b
DrB0b
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
227
hairlessupportmonkey
hairlessupportmonkey
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
208
ADB100
ADB100

Part and Inventory Search

Sponsor

Back
Top