关于netbios的一些实例,原文见 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q103390.按道理不应该贴到这个版的,呵呵,没办法,自己的版当然会有点特殊感情。。
我以前的翻译,并且加上自己的例子,大家凑合着看看吧
Network Access Validation Algorithm and Example
网络访问认证原则和实例
The information in this article applies to:
? Microsoft Windows NT Advanced Server, version 3.1
? Microsoft Windows NT Server versions 3.5, 3.51, 4.0
The following is a simplified algorithm算法that explains how Windows NT Advanced Server account validation确认is observed to function during network access. This discussion does not cover the internal workings of this process. With this information, you can predict Windows NT network logon behavior under deterministic conditions. 你可以预知特定情况下NT的网络登陆过程。
Keep in mind when following this article that the local database is the ONLY database on a domain controller. But on the other server and all workstations the local database is different than the domain controller.
需要说明的是 ,本文说明的本地数据库是一个在域控制器上本地数据库。但是其他的普通服务器和工作站的数据库和域控制器数据库是不一样的 。
NOTE: All references提及to Windows NT Advanced Server in this article also include Windows NT Server.
Background Information
When two Microsoft network systems communicate over a network, they use a high-level protocol called server message block (SMB). These commands are embedded within the transport protocols like NetBEUI or TCP/IP.
当两个微软网络操作系统进行网络通信时,他们使用SMB高层协议。这些操作包含在NETBEUI或者TCP/IP协议中。
When a client carries out a NET USE command, it sends out a "SMB Session Setup and X" frame.
当一个 客户端发送一个NET USE命令,它发送一个"SMB Session Setup and X"帧。
In Windows NT, the Session Setup SMB includes the user account, a
function of the encrypted password and login domain.
在NT中,一个SMB会话包括用户账号,加密的PASSWD函数和登陆域的信息。
An Advanced Server will look at all of this information to determine if the client has permissions to complete the NET USE command.
一个高级服务器会根据所有这些信息来判断客户端是否有权限完成NET USE命令。
Algorithm算法
Windows NT workstation sends the following command to an Advanced Server:
NET USE x: \servershare
The Windows NT client sends a Session Setup SMB that contains its
Login Domain, User Account and Password.
NT客户端发送一个包括用户账号,加密的PASSWD函数和登陆域的信息的SMB会话。
一服务器检查这个SMB会话包含的 域信息,如果是自己这个域,那么
The Advanced Server checks the SMB specified Domain name If the domain is the Advanced Server's own Domain then
It checks its own Domain SAM[Security Account Manager]database for
a matching account.
它从自己的 DOMAIN SAM 中寻找匹配的 用户账号
If it finds a matching account then
如果找到匹配的 用户账号
The SMB password is compared to the Domain Database password.
利用SMB会话中包含的密码和DOMAIN SAM中储存的 用户密码进行比较
If the password matches then
如果密码匹配
The Command Completed Successfully.
命令执行成功
If the password does NOT match then
如果密码不匹配
User is prompted for a password.
提示用户输入密码
It is retested as above.
重新进行以上验证
System error 1326 has occurred. Logon failure: unknown
user name or bad password.
系统错误提示1326。登陆失败:未知的用户名或者错误的 密码。
End
If it does NOT find the account in the domain SAM database then
如果在SAM中没有找到匹配的用户
Guest permissions are tested.
验证GUEST权限
If the Guest account is Enabled
如果GUEST账号是被激活
The Command Completed Successfully.
命令执行成功
If the Guest account is Disabled
如果GUEST账号是禁止的
* See Note A.
User is prompted for a password.
提示用户输入密码
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
系统错误提示1326。登陆失败:未知的用户名或者错误的 密码。
End
二如果SMB会话中包含的 域信息是这个服务器所信赖的域
If the Domain specified in the SMB is one that the Advanced Server TRUSTS then
The Advanced Server will do pass through authentication. The
network logon request will be sent to an Advanced Server in the
specified Trusted Domain.
这个服务器将传递认证过程,网络登陆要求将被发往这个信赖域的域控制器。
The Trusted Domain Advanced Server checks its own Domain database
for a matching account.
这个信赖域的域控制器检查自己的SMB有没有匹配的 用户账号
If it finds a matching account then
如果找到了匹配的用户账号
It looks to see if the Account is a Local or Global Account.
查询这个账号是本地组还是全局组
If the Account is Local then
如果这个账号是本地组账号
Guest permissions on the Original Server are tested.
最初的 服务器进行GUEST权限验证
If the Guest account is Enabled
如果GUEST账号是被激活
The Command Completed Successfully.
命令执行成功
If the Guest account is Disabled
如果GUEST账号是禁止的
* See Note A.
User is prompted for a password.
提示用户输入密码
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
系统错误提示1326。登陆失败:未知的用户名或者错误的 密码。
End
If the Account is Global
如果这个账号是全局组账号
The SMB password is compared to the Domain Database
password.
利用SMB会话中包含的密码和DOMAIN SAM中储存的 用户密码进行比较
If the password matches then
如果密码匹配
The Command Completed Successfully.
命令执行成功
* See Note B.
If the password does NOT match then
如果密码不匹配
User is prompted for a password.
提示用户输入密码
It is retested as above.
重新进行以上验证
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
系统错误提示1326。登陆失败:未知的用户名或者错误的 密码。
End
If it does NOT find the account in the Trusted domain
database then
如果在信任域的SAM中没有找到用户账号
Guest permissions are tested on the ORIGINAL Advanced
Server -NOT the Trusted Advanced Server. * See Note C.
最初的 服务器(而不是信任域服务器)进行GUEST权限验证
If the Guest account is Enabled
User will have original server guest access.
用户获得最初服务器的GUEST权限
The Command Completed Successfully.
If the Guest account is Disabled
* See Note A.
User is prompted for a password.
System error 1326 has occurred. Logon failure:
unknown user name or bad password.
End
三如果SMB中的域信息对于高级服务器来说是未知的。(域说明存在但是不是目标服务器所信赖的域)
If the Domain specified in the SMB is UNKNOWN by the Advanced Server. [A Domain was specified but it was not recognized by the Server as a Trusted Domain or its own.]
It will check its own Domain Account Database for a matching account
它从自己的 DOMAIN SAM 中寻找匹配的 用户账号
If the Advanced Server finds a matching account then
如果找到匹配的 用户账号
The SMB password is compared to the Domain Database password.
利用SMB会话中包含的密码和DOMAIN SAM中储存的 用户密码进行比较
If the password matches then
如果密码匹配
The Command Completed Successfully.
If t
