Newbie - Client Authentication Question

[fishax]

Not an NT expert, but have always wondered about something. At work, we have some NT Clients on a NT Domain. There is NO WINS or DNS pointers on the Clients. How do the Clients know which is the PDC/BDC on NT Network. Does it not require the WINS? Just wondering how these clients authenticate themselves on the domain? Is it the Router Config? Gateway? What? Or do all computers registered on a domain simply know which is the PDC/BDC?

 

[fishax]

By the way...Static IP is being used. No DHCP for these clients in question.

 

[mattjurado]

If there is no WINS server, then the clients are probably running NetBEUI for name resolution (there are other ways to get it done, but this is the most likely). WINS and DNS are just ways to resolve out names. The actual authentication process is a more involved ballgame... To answer your exact question on how clients know which is a pdc/bdc, I'd grab any old NT 4 server admin book, or search on google, you'll find all the explanations you need.

Matt J.

 

[PistolPete30]

Isn't NetBEUI an old non-routable network protocol that has nothing to do with name resolution? Were you perhaps thinking about NETBIOS names?

 

[Spirit]

I am guess but without WINS/DHCP its probably only a small workgroup if so routing isn't going to be needed.

So PC's aren't strictly authenticated and since they've got statics we're talking local profiles here. YUCK!!!

Iain

 

[fishax]

Hi,
It is a Domain, not a workgroup and there is definately NT Server authentication. Again, no DHCP, Gateway, WINS. It is on its own VLAN. Uses TCP/IP.

I am still digging. Went to a bookshop to find NT books, but none on shelf anymore, so I will find the answer sooner or later. Thanks for all responses so far.

I am going to check the LMHOST. What about Router...can this be configured to find the PDC. PDC is also on the same VLAN, so I am assuming that they broadcast and find the PDC?

Does DNS play a role in Win NT. I thought only WINS played a role.

 

[mattjurado]

DNS in NT is only designed to resolve Internet Names to addresses, whereas its integral in Windows 2000 Active Directory.

In NT4, to get machines to talk, you typically do one of 2 things.

1. Run NetBEUI, so machines with NetBIOS names can talk.
2. Run WINS, to map local machine names to IPs.

PistolPete, you are right, NetBEUI has nothing to do with IP to Name resolution, its a separate protocol to get 2 machines with NetBIOS names to talk. Without WINS, he's likely running NetBEUI, but he could also have permanent entries entered into lmhosts files on his network.

Matt J.

 

[fishax]

They are using TCP/IP. All these Client machines are on the same VLAN, so apparently, even though they do not have a WINS pointer, they broadcast on the same VLAN and since the PDC is on the same VLAN, I guess they find it and authenticate. Thats how they are working.

 

[outonalimb]

WINS is not required for domain authentication just name resolution. Windows NT 4 clients use a broadcast method to search for a PDC/BDC.

I find it strange that you are not using DHCP and WINS within your NT 4 environment. If you have a NT4 Server on your local VLAN, why not configure it to be a DHCP and WINS server. If some machines require a static IP configuration, you can reserve IP addresses in DHCP Manager.

Using DHCP to autoconfigure your clients will probably make your life as an administrator 100 times easier.

Do your machines need to communicate with computers outside your VLAN? If so, this can be done in different ways depending if your VLAN's are segmented at layer 2 or layer 3.